Hi,

I was wondering if there is any possibility to access, via variables, the status of whether a user has provided a certificate that has been accepted or not. And further, if there is any way to get the value of SSL certificate fields by using variables. I'd like to use those variables in SQL statements.

I could then assign a single certificate to a user, and make up passdb SQL statements that allow him to access multiple (but not all) mailboxes without the need to issue any further certificates.

--- Michael

Timo Sirainen
2008-Sep-11 15:42 UTC
[Dovecot] SSL fields as variables for SQL statements ...
On Wed, 2008-09-03 at 01:54 +0200, XhE wrote:
> Hi,
>
> I was wondering if there is any possibility to access, via variables, the
> status of whether a user has provided a certificate that has been accepted
> or not. And further, if there is any way to get the value of SSL
> certificate fields by using variables. I'd like to use those variables in
> SQL statements.
>
> I could then assign a single certificate to a user, and make up passdb
> SQL statements that allow him to access multiple (but not all)
> mailboxes without the need to issue any further certificates.

It does sound like a nice idea, but you'd have to modify sources for that. The best I could do in short notice is to make "did user present a certificate?" variable available. Other than that would require sending the entire certificate (or at least its fields) to dovecot-auth process and that's not done right now.

Timo Sirainen wrote:
> On Wed, 2008-09-03 at 01:54 +0200, XhE wrote:
>
>> Hi,
>>
>> I was wondering if there is any possibility to access, via variables, the
>> status of whether a user has provided a certificate that has been accepted
>> or not. And further, if there is any way to get the value of SSL
>> certificate fields by using variables. I'd like to use those variables in
>> SQL statements.
>>
>> I could then assign a single certificate to a user, and make up passdb
>> SQL statements that allow him to access multiple (but not all)
>> mailboxes without the need to issue any further certificates.
>>
>
> It does sound like a nice idea, but you'd have to modify sources for
> that. The best I could do in short notice is to make "did user present a
> certificate?" variable available. Other than that would require sending
> the entire certificate (or at least its fields) to dovecot-auth process
> and that's not done right now.
>

Thanks, that would already help a lot! And I see your point that it takes some time to make the certificate or the files available to dovecot-auth.

That's why I thought if you could add an option in the meantime. Let's call it something like ssl_cert_auth_field and just provide the content of this field of a certificate. I think in most cases accessing a single field is enough.

And in case you're willing to provide a variable that makes available the information, if a user provided a valid certificate or not, then I guess this additional variable is also not the big deal, is it? :)

---Michael