dovecot-1.2: Added %k variable to display valid-client-cert stat...

dovecot at dovecot.org dovecot at dovecot.org
Thu Oct 23 20:31:45 EEST 2008


details:   http://hg.dovecot.org/dovecot-1.2/rev/d49aa6720fb2
changeset: 8320:d49aa6720fb2
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Oct 23 20:31:41 2008 +0300
description:
Added %k variable to display valid-client-cert status. It expands to "valid" or empty.

diffstat:

3 files changed, 9 insertions(+), 5 deletions(-)
src/auth/auth-request-handler.c |    7 ++-----
src/auth/auth-request.c         |    6 ++++++
src/auth/auth-request.h         |    1 +

diffs (86 lines):

diff -r 8553bb4c53ad -r d49aa6720fb2 src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request-handler.c	Thu Oct 23 20:31:41 2008 +0300
@@ -276,7 +276,6 @@ bool auth_request_handler_auth_begin(str
 	size_t initial_resp_len;
 	unsigned int id;
 	buffer_t *buf;
-	bool valid_client_cert;
 
 	/* <id> <mechanism> [...] */
 	list = t_strsplit(args, "\t");
@@ -304,7 +303,6 @@ bool auth_request_handler_auth_begin(str
 
 	/* parse optional parameters */
 	initial_resp = NULL;
-	valid_client_cert = FALSE;
 	for (list += 2; *list != NULL; list++) {
 		arg = strchr(*list, '=');
 		if (arg == NULL) {
@@ -317,8 +315,6 @@ bool auth_request_handler_auth_begin(str
 
 		if (auth_request_import(request, name, arg))
 			;
-		else if (strcmp(name, "valid-client-cert") == 0)
-			valid_client_cert = TRUE;
 		else if (strcmp(name, "resp") == 0) {
 			initial_resp = arg;
 			/* this must be the last parameter */
@@ -343,7 +339,8 @@ bool auth_request_handler_auth_begin(str
 
 	hash_insert(handler->requests, POINTER_CAST(id), request);
 
-	if (request->auth->ssl_require_client_cert && !valid_client_cert) {
+	if (request->auth->ssl_require_client_cert &&
+	    !request->valid_client_cert) {
 		/* we fail without valid certificate */
                 auth_request_handler_auth_fail(handler, request,
 			"Client didn't present valid SSL certificate");
diff -r 8553bb4c53ad -r d49aa6720fb2 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request.c	Thu Oct 23 20:31:41 2008 +0300
@@ -147,6 +147,8 @@ void auth_request_export(struct auth_req
 		auth_stream_reply_add(reply, "secured", "1");
 	if (request->skip_password_check)
 		auth_stream_reply_add(reply, "skip_password_check", "1");
+	if (request->valid_client_cert)
+		auth_stream_reply_add(reply, "valid-client-cert", "1");
 	if (request->mech_name != NULL)
 		auth_stream_reply_add(reply, "mech", request->mech_name);
 }
@@ -179,6 +181,8 @@ bool auth_request_import(struct auth_req
 		request->secured = TRUE;
 	else if (strcmp(key, "nologin") == 0)
 		request->no_login = TRUE;
+	else if (strcmp(key, "valid-client-cert") == 0)
+		request->valid_client_cert = TRUE;
 	else if (strcmp(key, "skip_password_check") == 0) {
 		i_assert(request->master_user !=  NULL);
 		request->skip_password_check = TRUE;
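Review bot: The new `valid-client-cert` branch in auth_request_import sets the flag on key presence alone and never looks at the value, so a parameter such as `valid-client-cert=0` would still mark the certificate as valid. That matches the neighbouring `secured` and `nologin` branches, but this bit now decides the `ssl_require_client_cert` check in auth-request-handler.c and the `%k` expansion. The importer is generic, so the flag is only as trustworthy as whoever feeds it; presumably every caller is a trusted peer such as the login process, and that should be confirmed. I would record the assumption next to the branch, e.g. `/* asserted by the login process after TLS verification; value is ignored */`. The function's body begins and ends outside this hunk.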
@@ -1347,6 +1351,7 @@ auth_request_get_var_expand_table(const 
 		{ 'c', NULL },
 		{ 'a', NULL },
 		{ 'b', NULL },
+		{ 'k', NULL },
 		{ '\0', NULL }
 	};
 	struct var_expand_table *tab;
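Review bot: The added `{ 'k', NULL }` entry is linked to the `tab[14].value` assignment in the following hunk only by its position in the table. A later insertion or reorder would silently attach the certificate status to a different variable, or another value to `%k`. Because `%k` is likely to end up in configuration that makes access decisions, a short comment above the table would help, e.g. `/* order must match the tab[N] assignments below */`. The function's body extends outside both hunks, so whether the earlier entries already carry such a note cannot be seen here.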
@@ -1386,6 +1391,7 @@ auth_request_get_var_expand_table(const 
 	tab[11].value = auth_request->secured ? "secured" : "";
 	tab[12].value = dec2str(auth_request->local_port);
 	tab[13].value = dec2str(auth_request->remote_port);
+	tab[14].value = auth_request->valid_client_cert ? "valid" : "";
 	return tab;
 }
 
diff -r 8553bb4c53ad -r d49aa6720fb2 src/auth/auth-request.h
--- a/src/auth/auth-request.h	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request.h	Thu Oct 23 20:31:41 2008 +0300
@@ -91,6 +91,7 @@ struct auth_request {
 	unsigned int skip_password_check:1;
 	unsigned int proxy:1;
 	unsigned int proxy_maybe:1;
+	unsigned int valid_client_cert:1;
 	unsigned int cert_username:1;
 	unsigned int userdb_lookup:1;
 	unsigned int userdb_lookup_failed:1;

