changeset 1473:7709e997903f HEAD

Don't advertise AUTH=PLAIN in capability if disable_plaintext_auth = yes and SSL/TLS is not yet negotiated.
author Timo Sirainen <tss@iki.fi>
date Fri, 16 May 2003 20:05:42 +0300
parents 74e28b26b4eb
children e0065ebba5b3
files src/imap-login/client-authenticate.c src/imap-login/client-authenticate.h src/imap-login/client.c src/pop3-login/client-authenticate.c
diffstat 4 files changed, 11 insertions(+), 8 deletions(-) [+]
--- a/src/imap-login/client-authenticate.c	Thu May 15 22:42:12 2003 +0300
+++ b/src/imap-login/client-authenticate.c	Fri May 16 20:05:42 2003 +0300
@@ -19,7 +19,7 @@
 static enum auth_mech auth_mechs = 0;
 static char *auth_mechs_capability = NULL;
 
-const char *client_authenticate_get_capabilities(void)
+const char *client_authenticate_get_capabilities(int tls)
 {
 	string_t *str;
 	int i;
@@ -34,7 +34,9 @@
 
 	for (i = 0; i < AUTH_MECH_COUNT; i++) {
 		if ((auth_mechs & auth_mech_desc[i].mech) &&
-		    auth_mech_desc[i].name != NULL) {
+		    auth_mech_desc[i].name != NULL &&
+		    (tls || !auth_mech_desc[i].plaintext ||
+		     !disable_plaintext_auth)) {
 			str_append_c(str, ' ');
 			str_append(str, "AUTH=");
 			str_append(str, auth_mech_desc[i].name);
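Review bot: The string built by this loop now depends on `tls`, but the file-scope `static char *auth_mechs_capability` declared just above the function suggests the result is cached between calls. The lines between the two hunks are not shown, so this is inferred and should be confirmed. If a cached string is returned regardless of `tls`, a login process that serves both kinds of connection could give a cleartext session the list built for a TLS session, AUTH=PLAIN included, or the reverse. Either keep one cached string per TLS state or bypass the cache when `disable_plaintext_auth` is set, with a comment such as `/* capability list differs by TLS state; do not share the cache */`. The function starts and ends outside this hunk.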
--- a/src/imap-login/client-authenticate.h	Thu May 15 22:42:12 2003 +0300
+++ b/src/imap-login/client-authenticate.h	Fri May 16 20:05:42 2003 +0300
@@ -1,7 +1,7 @@
 #ifndef __CLIENT_AUTHENTICATE_H
 #define __CLIENT_AUTHENTICATE_H
 
-const char *client_authenticate_get_capabilities(void);
+const char *client_authenticate_get_capabilities(int tls);
 
 int cmd_login(struct imap_client *client, struct imap_arg *args);
 int cmd_authenticate(struct imap_client *client, struct imap_arg *args);
--- a/src/imap-login/client.c	Thu May 15 22:42:12 2003 +0300
+++ b/src/imap-login/client.c	Fri May 16 20:05:42 2003 +0300
@@ -89,14 +89,13 @@
 
 static int cmd_capability(struct imap_client *client)
 {
-	const char *capability;
+	const char *capability, *auths;
 
+	auths = client_authenticate_get_capabilities(client->tls);
 	capability = t_strconcat("* CAPABILITY " CAPABILITY_STRING,
 				 ssl_initialized ? " STARTTLS" : "",
 				 disable_plaintext_auth && !client->tls ?
-				 " LOGINDISABLED" : "",
-				 client_authenticate_get_capabilities(),
-				 NULL);
+				 " LOGINDISABLED" : "", auths, NULL);
 	client_send_line(client, capability);
 	client_send_tagline(client, "OK Capability completed.");
 	return TRUE;
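Review bot: Dropping AUTH=PLAIN from the CAPABILITY line is advisory only, because a client can still send the mechanism name without having seen it advertised. The refusal has to live in `cmd_authenticate` and `cmd_login`, whose bodies are not part of this changeset. Please confirm that both reject plaintext mechanisms when `disable_plaintext_auth && !client->tls`, using the same `plaintext` flag from `auth_mech_desc` so the advertised and enforced sets cannot drift apart. A short comment above the `auths` assignment, for example `/* advertisement only; enforcement is in cmd_authenticate() */`, would make that split explicit. The closing brace of `cmd_capability` falls outside the hunk.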
--- a/src/pop3-login/client-authenticate.c	Thu May 15 22:42:12 2003 +0300
+++ b/src/pop3-login/client-authenticate.c	Fri May 16 20:05:42 2003 +0300
@@ -33,7 +33,9 @@
 		str_append(str, "SASL");
 		for (i = 0; i < AUTH_MECH_COUNT; i++) {
 			if ((auth_mechs & auth_mech_desc[i].mech) &&
-			    auth_mech_desc[i].name != NULL) {
+			    auth_mech_desc[i].name != NULL &&
+			    (client->tls || !auth_mech_desc[i].plaintext ||
+			     !disable_plaintext_auth)) {
 				str_append_c(str, ' ');
 				str_append(str, auth_mech_desc[i].name);
 			}
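Review bot: The three-part predicate `(client->tls || !auth_mech_desc[i].plaintext || !disable_plaintext_auth)` is now written out separately here and in src/imap-login/client-authenticate.c. A security policy duplicated across the two login binaries is easy to change in one place and forget in the other. Consider a single shared helper that takes the mechanism entry and the TLS state, and call it from both loops and from the code that accepts the AUTH command. The enclosing function starts before this hunk and continues after it, so how `client` is obtained cannot be checked from here.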