[dovecot-cvs]
dovecot/src/imap-login client-authenticate.c,1.10,1.11
client-authenticate.h,1.2,1.3 client.c,1.18,1.19 client.h,1.6,1.7
cras at procontrol.fi
cras at procontrol.fi
Sun Aug 24 11:55:25 EEST 2003
Update of /home/cvs/dovecot/src/imap-login
In directory danu:/tmp/cvs-serv4540/src/imap-login
Modified Files:
client-authenticate.c client-authenticate.h client.c client.h
Log Message:
disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
addresses are considered secure however and plaintext authentication is
allowed from them.
Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client-authenticate.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- client-authenticate.c 22 Aug 2003 18:56:59 -0000 1.10
+++ client-authenticate.c 24 Aug 2003 07:55:23 -0000 1.11
@@ -16,7 +16,7 @@
#include "auth-common.h"
#include "master.h"
-const char *client_authenticate_get_capabilities(int tls)
+const char *client_authenticate_get_capabilities(int secured)
{
static enum auth_mech cached_auth_mechs = 0;
static char *cached_capability = NULL;
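Review bot: `cached_capability` is a function-static string, while the list built further down now depends on the per-connection `secured` argument (the `secured || !auth_mech_desc[i].plaintext || !disable_plaintext_auth` filter in the next hunk). The cache lookup itself is outside the hunk, but the visible statics suggest it is keyed on `cached_auth_mechs` alone; if so, a string built for a loopback or TLS client could be returned to a remote cleartext client and advertise plaintext mechanisms there, or the reverse. This is worth confirming, and if it holds, keep one cached string per `secured` value, e.g. `static char *cached_capability[2];` indexed by `secured ? 1 : 0`. Enforcement in cmd_login and cmd_authenticate is unaffected, but clients act on what is advertised.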
@@ -36,7 +36,7 @@
for (i = 0; i < AUTH_MECH_COUNT; i++) {
if ((auth_mechs & auth_mech_desc[i].mech) &&
auth_mech_desc[i].name != NULL &&
- (tls || !auth_mech_desc[i].plaintext ||
+ (secured || !auth_mech_desc[i].plaintext ||
!disable_plaintext_auth)) {
str_append_c(str, ' ');
str_append(str, "AUTH=");
@@ -167,10 +167,10 @@
user = IMAP_ARG_STR(&args[0]);
pass = IMAP_ARG_STR(&args[1]);
- if (!client->tls && disable_plaintext_auth) {
+ if (!client->secured && disable_plaintext_auth) {
client_send_line(client,
"* BAD [ALERT] Plaintext authentication is disabled, "
- "but your client sent password in plaintext anyway."
+ "but your client sent password in plaintext anyway. "
"If anyone was listening, the password was exposed.");
client_send_tagline(client,
"NO Plaintext authentication disabled.");
@@ -304,7 +304,7 @@
return TRUE;
}
- if (!client->tls && mech->plaintext && disable_plaintext_auth) {
+ if (!client->secured && mech->plaintext && disable_plaintext_auth) {
client_send_tagline(client,
"NO Plaintext authentication disabled.");
return TRUE;
Index: client-authenticate.h
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client-authenticate.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- client-authenticate.h 16 May 2003 17:05:42 -0000 1.2
+++ client-authenticate.h 24 Aug 2003 07:55:23 -0000 1.3
@@ -1,7 +1,7 @@
#ifndef __CLIENT_AUTHENTICATE_H
#define __CLIENT_AUTHENTICATE_H
-const char *client_authenticate_get_capabilities(int tls);
+const char *client_authenticate_get_capabilities(int secured);
int cmd_login(struct imap_client *client, struct imap_arg *args);
int cmd_authenticate(struct imap_client *client, struct imap_arg *args);
Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- client.c 22 Aug 2003 18:56:59 -0000 1.18
+++ client.c 24 Aug 2003 07:55:23 -0000 1.19
@@ -89,11 +89,11 @@
{
const char *capability, *auths;
- auths = client_authenticate_get_capabilities(client->tls);
+ auths = client_authenticate_get_capabilities(client->secured);
capability = t_strconcat("* CAPABILITY " CAPABILITY_STRING,
(ssl_initialized && !client->tls) ?
" STARTTLS" : "",
- disable_plaintext_auth && !client->tls ?
+ disable_plaintext_auth && !client->secured ?
" LOGINDISABLED" : "", auths, NULL);
client_send_line(client, capability);
client_send_tagline(client, "OK Capability completed.");
@@ -127,6 +127,7 @@
fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip);
if (fd_ssl != -1) {
client->tls = TRUE;
+ client->secured = TRUE;
client_set_title(client);
/* we skipped it already, so don't ignore next command */
@@ -339,6 +340,7 @@
struct client *client_create(int fd, struct ip_addr *ip, int ssl)
{
struct imap_client *client;
+ const char *addr;
if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
hash_size(clients) >= max_logging_users) {
@@ -354,6 +356,11 @@
client->created = ioloop_time;
client->refcount = 1;
client->tls = ssl;
+
+ addr = net_ip2addr(ip);
+ client->secured = ssl ||
+ (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
+ (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
client->common.ip = *ip;
client->common.fd = fd;
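Review bot: The `secured` assignment in client_create() trusts any peer whose printed address starts with `127.` or equals `::1`, which holds only when the connection really originates on the host. Sessions relayed through a local proxy, tunnel or webmail front end also arrive from loopback and would get plaintext authentication enabled without TLS on the outer hop. A comment at the assignment should state that assumption, e.g. `/* loopback peers are treated as secured; anything relayed through a local proxy inherits this */`. The check also depends on the text form from net_ip2addr(): an IPv4-mapped `::ffff:127.0.0.1` will not match (the safe direction), and if net_ip2addr() can return NULL the strncmp()/strcmp() calls would dereference it, so comparing the binary address or guarding with `addr != NULL &&` would be more robust. The function body starts and ends outside this hunk.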
Index: client.h
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- client.h 22 Aug 2003 18:56:59 -0000 1.6
+++ client.h 24 Aug 2003 07:55:23 -0000 1.7
@@ -23,6 +23,7 @@
buffer_t *plain_login;
unsigned int tls:1;
+ unsigned int secured:1;
unsigned int cmd_finished:1;
unsigned int skip_line:1;
unsigned int input_blocked:1;
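Review bot: The new `secured` bit sits next to `tls` with no comment, and the two now mean different things: per the client.c changes in this commit, `secured` is also set for loopback peers that have no encryption at all. Suggest documenting both fields, e.g. `/* TLS is active on this connection */` above `tls` and `/* TLS active, or peer is loopback (127.*, ::1); gates plaintext auth only */` above `secured`, so later code does not read `secured` as "encrypted". The struct definition starts and ends outside the hunk.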