[Dovecot] Patch (Re: Different classes of user)

John Robinson john.robinson at anonymous.org.uk
Sun Feb 18 15:12:45 UTC 2007


On 18/02/2007 13:07, Timo Sirainen wrote:
> On Sun, 2007-02-18 at 12:57 +0000, John Robinson wrote:
>> +	else if (strcmp(key, "secured") == 0)
>> +		request->tls_secured = 1;
> 
> Note that "secured" doesn't necessarily mean SSL/TLS. It's also set if
> you're logging in from the same computer (local ip == remote ip).

I guess it ought just to be called "secured" then, not "tls_secured", 
but I was only doing what you said :-)

[...]
> I'd remove t_push/t_pop and use service = str_c(expanded_service)
> directly. p_strdup()ing from request pool uses more memory a bit longer.

Well, I copied'n'pasted from auth-request.c:auth_request_fix_username() 
which has an example of expanding a string, rather than really knowing 
what all those things did, hoping that they did it safely and securely.

> Otherwise looks ok. But I think I'll add this to CVS HEAD and not v1.0.
> I'm at least trying to keep a feature freeze. :)

Oh go on, it's not likely to hurt any existing installations...

Cheers,

John.


More information about the dovecot mailing list