diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c
index 566783d703..b4eea8e063 100644
--- a/src/auth/auth-request-var-expand.c
+++ b/src/auth/auth-request-var-expand.c
@@ -115,7 +115,12 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
 }
 tab[10].value = auth_request->mech_name == NULL ? "" :
 escape_func(auth_request->mech_name, auth_request);
- tab[11].value = auth_request->secured ? "secured" : "";
+ switch(auth_request->secured) {
+ case AUTH_REQUEST_SECURED_NONE: tab[11].value = ""; break;
+ case AUTH_REQUEST_SECURED: tab[11].value = "secured"; break;
+ case AUTH_REQUEST_SECURED_TLS: tab[11].value = "TLS"; break;
+ default: tab[11].value = ""; break;
+ };
 tab[12].value = dec2str(auth_request->local_port);
 tab[13].value = dec2str(auth_request->remote_port);
 tab[14].value = auth_request->valid_client_cert ? "valid" : "";
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 4343dd562b..8aaa4f99bf 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -352,8 +352,12 @@ void auth_request_export(struct auth_request *request, string_t *dest)
 str_printfa(dest, "\tsession=%s", request->session_id);
 if (request->debug)
 str_append(dest, "\tdebug");
- if (request->secured)
- str_append(dest, "\tsecured");
+ switch(request->secured) {
+ case AUTH_REQUEST_SECURED_NONE: break;
+ case AUTH_REQUEST_SECURED: str_append(dest, "\tsecured"); break;
+ case AUTH_REQUEST_SECURED_TLS: str_append(dest, "\tsecured=tls"); break;
+ default: break;
+ }
 if (request->skip_password_check)
 str_append(dest, "\tskip-password-check");
 if (request->delayed_credentials != NULL)
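Review bot: In auth_request_get_var_expand_table_full, tab[11] used to expand to `secured` for every secured request and now expands to `TLS` for AUTH_REQUEST_SECURED_TLS, so any configuration that tests this variable for the literal `secured` stops matching once the client reports TLS. If that is intended, it should be stated next to the assignment and in the variable's documentation, for example `/* "TLS" when the auth client reported TLS, "secured" for other secured connections, "" otherwise */`. The closing `};` of the switch also carries a stray semicolon; `}` is enough. The function's body starts and ends outside the hunk.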
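Review bot: The `default: break;` arm in the auth_request_export switch, like `default: tab[11].value = ""; break;` in auth-request-var-expand.c, stops the compiler's -Wswitch check from reporting an enumerator that is later added to enum auth_request_secured but forgotten here, and such a request would then be exported with no `secured` field at all. All three enumerators are already listed, so I would drop the default here, and in the var-expand switch assign `tab[11].value = "";` before the switch instead. The function continues outside the hunk.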
@@ -437,8 +441,12 @@ bool auth_request_import_auth(struct auth_request *request,
 return TRUE;
 /* auth client may set these */
- if (strcmp(key, "secured") == 0)
- request->secured = TRUE;
+ if (strcmp(key, "secured") == 0) {
+ if (strcmp(value, "tls") == 0)
+ request->secured = AUTH_REQUEST_SECURED_TLS;
+ else
+ request->secured = AUTH_REQUEST_SECURED;
+ }
 else if (strcmp(key, "final-resp-ok") == 0)
 request->final_resp_ok = TRUE;
 else if (strcmp(key, "no-penalty") == 0)
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index 19a02a950e..d4a0eba9f4 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -23,6 +23,12 @@ enum auth_request_state {
 AUTH_REQUEST_STATE_MAX
 };
+enum auth_request_secured {
+ AUTH_REQUEST_SECURED_NONE,
+ AUTH_REQUEST_SECURED,
+ AUTH_REQUEST_SECURED_TLS,
+};
+
 struct auth_request {
 int refcount;
@@ -108,8 +114,9 @@ struct auth_request {
 /* auth_debug is enabled for this request */
 bool debug:1;
+ enum auth_request_secured secured;
+
 /* flags received from auth client: */
- bool secured:1;
 bool final_resp_ok:1;
 bool no_penalty:1;
 bool valid_client_cert:1;
diff --git a/src/auth/test-auth-request-var-expand.c b/src/auth/test-auth-request-var-expand.c
index b74cb2b021..af55f1932e 100644
--- a/src/auth/test-auth-request-var-expand.c
+++ b/src/auth/test-auth-request-var-expand.c
@@ -30,7 +30,7 @@ static struct auth_request default_test_request = {
 .client_pid = 54321,
 .mech_password = "-password",
 .mech_name = "-mech",
- .secured = TRUE,
+ .secured = AUTH_REQUEST_SECURED,
 .local_port = 21,
 .remote_port = 210,
 .valid_client_cert = TRUE,
@@ -122,7 +122,7 @@ static void test_auth_request_var_expand_flags(void)
 test_begin("auth request var expand flags");
 test_request.userdb_lookup = FALSE;
- test_request.secured = FALSE;
+ test_request.secured = AUTH_REQUEST_SECURED_NONE;
 test_request.valid_client_cert = FALSE;
 test_assert(var_expand(str, test_input,
 auth_request_get_var_expand_table(&test_request, test_escape),
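Review bot: The new `strcmp(value, "tls")` in auth_request_import_auth reads `value` for the `secured` key, which the removed code never did, so a caller that passes NULL for a bare `secured` without `=` would now crash here. The callers are outside this hunk; if NULL is possible the test should be `if (value != NULL && strcmp(value, "tls") == 0)`. Every other value, including `tls` written in a different case, is accepted as AUTH_REQUEST_SECURED. That deserves a one-line comment such as `/* any value other than "tls" means secured without TLS */`, because the field is set by the auth client and ends up in the exported request and the variable table.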
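Review bot: enum auth_request_secured in auth-request.h has no comments, and the difference between AUTH_REQUEST_SECURED and AUTH_REQUEST_SECURED_TLS is not obvious from the names. Going by the import code in auth-request.c, the former is set for a `secured` key with any value other than `tls` and the latter for `secured=tls`; a comment per enumerator would say so, e.g. `/* client sent "secured" without the tls value */` and `/* client sent "secured=tls" */`. I would also write `AUTH_REQUEST_SECURED_NONE = 0` with a comment that a zero-initialised request must count as unsecured, since outside the tests nothing in this diff assigns the NONE state explicitly.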
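Review bot: In struct auth_request the `secured` member now sits above the comment `/* flags received from auth client: */`, yet auth_request_import_auth still sets it from the client's `secured` key under `/* auth client may set these */`. A reader of the struct will take it for a server-side field. I would give it its own comment, `/* reported by the auth client; AUTH_REQUEST_SECURED_NONE unless the client sent "secured" */`, or move it below the existing comment after the bitfields.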
@@ -130,7 +130,7 @@ static void test_auth_request_var_expand_flags(void)
 test_assert(strcmp(str_c(str), "40\n\n\n") == 0);
 test_request.userdb_lookup = TRUE;
- test_request.secured = TRUE;
+ test_request.secured = AUTH_REQUEST_SECURED;
 test_request.valid_client_cert = TRUE;
 str_truncate(str, 0);
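Review bot: test_auth_request_var_expand_flags, in this hunk and the one at -122, only sets AUTH_REQUEST_SECURED_NONE and AUTH_REQUEST_SECURED, so the new `TLS` expansion in auth-request-var-expand.c has no visible test. A third block that sets `test_request.secured = AUTH_REQUEST_SECURED_TLS;` and asserts on the expanded string would pin that value. The function's body starts before and continues after the hunk.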