dovecot: If proxying tries to loop to itself, fail the login and...

dovecot at dovecot.org dovecot at dovecot.org
Sun Jan 6 01:56:41 EET 2008 

details:   http://hg.dovecot.org/dovecot/rev/df5e4bea11e2
changeset: 7116:df5e4bea11e2
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Jan 06 01:50:13 2008 +0200
description:
If proxying tries to loop to itself, fail the login and log an error.

diffstat:

1 file changed, 12 insertions(+), 6 deletions(-)
src/imap-login/client-authenticate.c |   18 ++++++++++++------

diffs (54 lines):

diff -r fc06e748f8e4 -r df5e4bea11e2 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c	Sun Jan 06 01:38:52 2008 +0200
+++ b/src/imap-login/client-authenticate.c	Sun Jan 06 01:50:13 2008 +0200
@@ -94,7 +94,7 @@ static bool client_handle_args(struct im
 	const char *reason = NULL, *host = NULL, *destuser = NULL, *pass = NULL;
 	string_t *reply;
 	unsigned int port = 143;
-	bool proxy = FALSE, temp = FALSE, nologin = !success;
+	bool proxy = FALSE, temp = FALSE, nologin = !success, proxy_self;
 
 	for (; *args != NULL; args++) {
 		if (strcmp(*args, "nologin") == 0)
@@ -118,8 +118,9 @@ static bool client_handle_args(struct im
 	if (destuser == NULL)
 		destuser = client->common.virtual_user;
 
-	if (proxy &&
-	    !login_proxy_is_ourself(&client->common, host, port, destuser)) {
+	proxy_self = proxy &&
+		login_proxy_is_ourself(&client->common, host, port, destuser);
+	if (proxy && !proxy_self) {
 		/* we want to proxy the connection to another server.
 		   don't do this unless authentication succeeded. with
 		   master user proxying we can get FAIL with proxy still set.
@@ -162,13 +163,18 @@ static bool client_handle_args(struct im
 			client_destroy(client, "Login with referral");
 			return TRUE;
 		}
-	} else if (nologin) {
+	} else if (nologin || proxy_self) {
 		/* Authentication went ok, but for some reason user isn't
 		   allowed to log in. Shouldn't probably happen. */
+		if (proxy_self) {
+			client_syslog(&client->common,
+				      "Proxying loops to itself");
+		}
+
 		reply = t_str_new(128);
 		if (reason != NULL)
 			str_printfa(reply, "NO %s", reason);
-		else if (temp)
+		else if (temp || proxy_self)
 			str_append(reply, "NO "AUTH_TEMP_FAILED_MSG);
 		else
 			str_append(reply, "NO "AUTH_FAILED_MSG);
@@ -178,7 +184,7 @@ static bool client_handle_args(struct im
 		return FALSE;
 	}
 
-	i_assert(nologin);
+	i_assert(nologin || proxy_self);
 
 	if (!client->destroyed)
 		client_auth_failed(client);

More information about the dovecot-cvs mailing list