[Dovecot] Patch (Re: Different classes of user)
john.robinson at anonymous.org.uk
Sun Feb 18 15:12:45 UTC 2007
On 18/02/2007 13:07, Timo Sirainen wrote:
> On Sun, 2007-02-18 at 12:57 +0000, John Robinson wrote:
>> + else if (strcmp(key, "secured") == 0)
>> + request->tls_secured = 1;
> Note that "secured" doesn't necessarily mean SSL/TLS. It's also set if
> you're logging in from the same computer (local ip == remote ip).
I guess it ought just to be called "secured" then, not "tls_secured",
but I was only doing what you said :-)
> I'd remove t_push/t_pop and use service = str_c(expanded_service)
> directly. p_strdup()ing from request pool uses more memory a bit longer.
Well, I copied'n'pasted from auth-request.c:auth_request_fix_username()
which has an example of expanding a string, rather than really knowing
what all those things did, hoping that they did it safely and securely.
> Otherwise looks ok. But I think I'll add this to CVS HEAD and not v1.0.
> I'm at least trying to keep a feature freeze. :)
Oh go on, it's not likely to hurt any existing installations...
More information about the dovecot