dovecot-2.2: *-login: ssl=required should imply disable_plaintex...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/787ef06c4c95
changeset: 16390:787ef06c4c95
user:      Timo Sirainen <tss at iki.fi>
date:      Wed May 22 15:57:13 2013 +0300
description:
*-login: ssl=required should imply disable_plaintext_auth=yes

diffstat:

 src/imap-login/client.c               |  4 +++-
 src/login-common/client-common-auth.c |  3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r 3b6ec8db4166 -r 787ef06c4c95 src/imap-login/client.c
--- a/src/imap-login/client.c	Wed May 22 15:44:05 2013 +0300
+++ b/src/imap-login/client.c	Wed May 22 15:57:13 2013 +0300
@@ -12,6 +12,7 @@
 #include "imap-id.h"
 #include "imap-resp-code.h"
 #include "master-service.h"
+#include "master-service-ssl-settings.h"
 #include "master-auth.h"
 #include "client.h"
 #include "client-authenticate.h"
@@ -64,7 +65,8 @@
 
 	if (client_is_tls_enabled(client) && !client->tls)
 		str_append(cap_str, " STARTTLS");
-	if (client->set->disable_plaintext_auth && !client->secured)
+	if (!client->secured & (client->set->disable_plaintext_auth ||
+				strcmp(client->ssl_set->ssl, "required") == 0))
 		str_append(cap_str, " LOGINDISABLED");
 
 	client_authenticate_get_capabilities(client, cap_str);
diff -r 3b6ec8db4166 -r 787ef06c4c95 src/login-common/client-common-auth.c
--- a/src/login-common/client-common-auth.c	Wed May 22 15:44:05 2013 +0300
+++ b/src/login-common/client-common-auth.c	Wed May 22 15:57:13 2013 +0300
@@ -615,7 +615,8 @@
 
 bool client_check_plaintext_auth(struct client *client, bool pass_sent)
 {
-	if (client->secured || !client->set->disable_plaintext_auth)
+	if (client->secured || (!client->set->disable_plaintext_auth &&
+				strcmp(client->ssl_set->ssl, "required") != 0))
 		return TRUE;
 
 	if (client->set->auth_verbose) {