[dovecot-cvs] dovecot/src/auth auth-request.c, 1.29, 1.30 auth-request.h, 1.18, 1.19 auth.c, 1.17, 1.18 auth.h, 1.14, 1.15 passdb-blocking.c, 1.6, 1.7 passdb-bsdauth.c, 1.10, 1.11 passdb-passwd.c, 1.13, 1.14 passdb-shadow.c, 1.14, 1.15

cras at dovecot.org cras at dovecot.org
Sat Oct 1 13:52:18 EEST 2005


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv23762/src/auth

Modified Files:
	auth-request.c auth-request.h auth.c auth.h passdb-blocking.c 
	passdb-bsdauth.c passdb-passwd.c passdb-shadow.c 
Log Message:
Added ssl_username_from_cert setting. Not actually tested yet..



Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- auth-request.c	24 Sep 2005 12:55:23 -0000	1.29
+++ auth-request.c	1 Oct 2005 10:52:14 -0000	1.30
@@ -120,7 +120,14 @@
 {
 	if (strcmp(key, "user") == 0)
 		request->user = p_strdup(request->pool, value);
-	if (strcmp(key, "service") == 0)
+	else if (strcmp(key, "cert_username") == 0) {
+		if (request->auth->ssl_username_from_cert) {
+			/* get username from SSL certificate. it overrides
+			   the username given by the auth mechanism. */
+			request->user = p_strdup(request->pool, value);
+			request->cert_username = TRUE;
+		}
+	} else if (strcmp(key, "service") == 0)
 		request->service = p_strdup(request->pool, value);
 	else if (strcmp(key, "lip") == 0)
 		net_addr2ip(value, &request->local_ip);
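Review bot: The `cert_username` branch copies `value` into `request->user` without any of the checks that the function in the second auth-request.c hunk applies to mechanism-supplied names, and that function's new early return then skips those checks entirely. An empty certificate name can therefore become the request's username, even though the existing comment there warns that some PAM plugins misbehave on empty usernames. At minimum reject the empty case where the value is stored, `if (request->auth->ssl_username_from_cert && *value != '\0') {`, and preferably run the stored name through the same character validation. The enclosing function starts and ends outside the hunk, so whether the login process already sanitises this field cannot be seen here.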
@@ -415,6 +422,12 @@
 {
 	unsigned char *p;
 
+	if (request->cert_username) {
+		/* cert_username overrides the username given by
+		   authentication mechanism. */
+		return TRUE;
+	}
+
 	if (*username == '\0') {
 		/* Some PAM plugins go nuts with empty usernames */
 		*error_r = "Empty username";
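Review bot: The early return discards the mechanism-supplied `username` silently, so a client that authenticates under one name while presenting a certificate for another leaves no trace of the mismatch. Recording the override when verbose logging is enabled would give operators something to audit, for example `if (request->auth->verbose) i_info("username from certificate overrides mechanism username");` placed before the `return TRUE;`. Keeping both names out of the message avoids writing unvalidated client input to the log. The function's signature and the rest of its validation lie outside the hunk.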

Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- auth-request.h	24 Sep 2005 10:50:38 -0000	1.18
+++ auth-request.h	1 Oct 2005 10:52:14 -0000	1.19
@@ -58,6 +58,8 @@
 	unsigned int no_failure_delay:1;
 	unsigned int no_login:1;
 	unsigned int proxy:1;
+	unsigned int cert_username:1;
+
 	/* ... mechanism specific data ... */
 };
 

Index: auth.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- auth.c	24 Sep 2005 12:55:23 -0000	1.17
+++ auth.c	1 Oct 2005 10:52:14 -0000	1.18
@@ -221,6 +221,8 @@
 
 	auth->ssl_require_client_cert =
 		getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
+	auth->ssl_username_from_cert =
+		getenv("SSL_USERNAME_FROM_CERT") != NULL;
 }
 
 void auth_deinit(struct auth *auth)
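Review bot: Nothing in this hunk ties `ssl_username_from_cert` to `ssl_require_client_cert`, and the override in auth-request.c only happens when a `cert_username` field actually arrives. With only the new setting enabled, a connection without a client certificate would presumably keep the username supplied by the mechanism. If that fallback is not intended, warn at startup when the first setting is on without the second, or at least document it next to the assignment with `/* only effective for connections that present a client certificate */`. The enclosing init function starts outside the hunk.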

Index: auth.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- auth.h	24 Sep 2005 12:55:23 -0000	1.14
+++ auth.h	1 Oct 2005 10:52:14 -0000	1.15
@@ -42,6 +42,7 @@
 	char username_chars[256];
         char username_translation[256];
 	int ssl_require_client_cert;
+        int ssl_username_from_cert;
 
 	int verbose, verbose_debug;
 };

Index: passdb-blocking.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-blocking.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- passdb-blocking.c	7 Aug 2005 11:41:19 -0000	1.6
+++ passdb-blocking.c	1 Oct 2005 10:52:14 -0000	1.7
@@ -59,7 +59,7 @@
 	}
 
 	/* username may have changed, update it */
-	request->user = p_strdup_until(request->pool, reply, p);
+        auth_request_set_field(request, "user", t_strdup_until(reply, p), NULL);
 
 	*password_r = t_strdup_until(p + 1, p2);
 	reply = p2 + 1;
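Review bot: The username from the worker reply now goes through the `user` key, and that branch in the first auth-request.c hunk assigns `request->user` without looking at `request->cert_username`. A certificate-derived name can therefore be replaced here while the flag stays set, which is inconsistent with the guard this commit adds for mechanism-supplied names. The same applies to the `auth_request_set_field(request, "user", ...)` calls in the passdb-bsdauth.c, passdb-passwd.c and passdb-shadow.c hunks. If the certificate identity is meant to be final, the `user` branch should honour the flag; if passdbs may still canonicalise it, say so there with `/* passdb may still rename a certificate-derived user */`. The enclosing function starts and ends outside the hunk.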

Index: passdb-bsdauth.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-bsdauth.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- passdb-bsdauth.c	12 Jul 2005 12:58:47 -0000	1.10
+++ passdb-bsdauth.c	1 Oct 2005 10:52:14 -0000	1.11
@@ -47,7 +47,7 @@
 	}
 
 	/* make sure we're using the username exactly as it's in the database */
-	request->user = p_strdup(request->pool, pw->pw_name);
+        auth_request_set_field(request, "user", pw->pw_name, NULL);
 
 	callback(PASSDB_RESULT_OK, request);
 }
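Review bot: The replacement line is indented with eight spaces while the surrounding lines in this function use a tab. The added lines in the passdb-blocking.c, passdb-passwd.c and passdb-shadow.c hunks have the same mismatch. Re-indenting them with a tab keeps later diffs of these functions free of whitespace noise.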

Index: passdb-passwd.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-passwd.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- passdb-passwd.c	12 Jul 2005 12:58:47 -0000	1.13
+++ passdb-passwd.c	1 Oct 2005 10:52:14 -0000	1.14
@@ -44,7 +44,7 @@
 	}
 
 	/* make sure we're using the username exactly as it's in the database */
-	request->user = p_strdup(request->pool, pw->pw_name);
+        auth_request_set_field(request, "user", pw->pw_name, NULL);
 
 	callback(PASSDB_RESULT_OK, request);
 }

Index: passdb-shadow.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-shadow.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- passdb-shadow.c	12 Jul 2005 12:58:47 -0000	1.14
+++ passdb-shadow.c	1 Oct 2005 10:52:14 -0000	1.15
@@ -44,7 +44,7 @@
 	}
 
 	/* make sure we're using the username exactly as it's in the database */
-	request->user = p_strdup(request->pool, spw->sp_namp);
+        auth_request_set_field(request, "user", spw->sp_namp, NULL);
 
 	callback(PASSDB_RESULT_OK, request);
 }


