dovecot-2.2: login: Don't allow STARTTLS if ssl=no in client's s...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Aug 10 05:24:40 EEST 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/258c2e231357
changeset: 14800:258c2e231357
user: Timo Sirainen <tss at iki.fi>
date: Tue Jul 17 15:28:24 2012 +0300
description:
login: Don't allow STARTTLS if ssl=no in client's settings, even if ssl=yes globally.
diffstat:
src/imap-login/client.c | 2 +-
src/login-common/client-common.c | 7 ++++++-
src/login-common/client-common.h | 1 +
src/pop3-login/client-authenticate.c | 2 +-
4 files changed, 9 insertions(+), 3 deletions(-)
diffs (59 lines):
diff -r 77b52599e883 -r 258c2e231357 src/imap-login/client.c
--- a/src/imap-login/client.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/imap-login/client.c Tue Jul 17 15:28:24 2012 +0300
@@ -62,7 +62,7 @@
str_append(cap_str, imap_client->set->imap_capability + 1);
}
- if (ssl_initialized && !client->tls)
+ if (client_is_tls_enabled(client) && !client->tls)
str_append(cap_str, " STARTTLS");
if (client->set->disable_plaintext_auth && !client->secured)
str_append(cap_str, " LOGINDISABLED");
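Review bot: With the new condition, a client whose own settings have ssl=no, with `disable_plaintext_auth` set and `client->secured` false, is sent LOGINDISABLED without STARTTLS, so it can neither use plaintext login nor upgrade the connection. That is presumably the intended result of such a configuration, but it is worth a comment above the check, e.g. `/* ssl=no for this client: STARTTLS is not offered, LOGINDISABLED may still be */`. The same combination applies to the STLS line in src/pop3-login/client-authenticate.c. The enclosing function starts and ends outside this hunk.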
diff -r 77b52599e883 -r 258c2e231357 src/login-common/client-common.c
--- a/src/login-common/client-common.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/login-common/client-common.c Tue Jul 17 15:28:24 2012 +0300
@@ -346,7 +346,7 @@
return;
}
- if (!ssl_initialized) {
+ if (!client_is_tls_enabled(client)) {
client_send_line(client, CLIENT_CMD_REPLY_BAD,
"TLS support isn't enabled.");
return;
@@ -591,6 +591,11 @@
return FALSE;
}
+bool client_is_tls_enabled(struct client *client)
+{
+ return ssl_initialized && strcmp(client->set->ssl, "no") != 0;
+}
+
const char *client_get_extra_disconnect_reason(struct client *client)
{
unsigned int auth_secs = client->auth_first_started == 0 ? 0 :
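Review bot: client_is_tls_enabled() is added without a comment saying why the global `ssl_initialized` flag alone is not enough, which is the security-relevant point of this change. I would put `/* TRUE if SSL is initialized globally and this client's own ssl setting isn't "no" */` above the definition and above the prototype in client-common.h. The callers converted in this commit cover capability advertisement (IMAP and POP3) and the STARTTLS command check. Whether other code paths still test `ssl_initialized` directly is not visible from this diff; any that remain would ignore the per-client setting, so the tree should be searched for them.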
diff -r 77b52599e883 -r 258c2e231357 src/login-common/client-common.h
--- a/src/login-common/client-common.h Tue Jul 17 15:21:32 2012 +0300
+++ b/src/login-common/client-common.h Tue Jul 17 15:28:24 2012 +0300
@@ -168,6 +168,7 @@
const char *client_get_extra_disconnect_reason(struct client *client);
bool client_is_trusted(struct client *client);
void client_auth_failed(struct client *client);
+bool client_is_tls_enabled(struct client *client);
const char *client_get_session_id(struct client *client);
bool client_read(struct client *client);
diff -r 77b52599e883 -r 258c2e231357 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/pop3-login/client-authenticate.c Tue Jul 17 15:28:24 2012 +0300
@@ -33,7 +33,7 @@
str_append(str, "+OK\r\n");
str_append(str, capability_string);
- if (ssl_initialized && !client->common.tls)
+ if (client_is_tls_enabled(&client->common) && !client->common.tls)
str_append(str, "STLS\r\n");
if (!client->common.set->disable_plaintext_auth ||
client->common.secured)