Mercurial > dovecot > original-hg > dovecot-1.2
changeset 7116:df5e4bea11e2 HEAD
If proxying tries to loop to itself, fail the login and log an error.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 06 Jan 2008 01:50:13 +0200 |
parents | fc06e748f8e4 |
children | 769181a20483 |
files | src/imap-login/client-authenticate.c |
diffstat | 1 files changed, 12 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/imap-login/client-authenticate.c Sun Jan 06 01:38:52 2008 +0200 +++ b/src/imap-login/client-authenticate.c Sun Jan 06 01:50:13 2008 +0200 @@ -94,7 +94,7 @@ const char *reason = NULL, *host = NULL, *destuser = NULL, *pass = NULL; string_t *reply; unsigned int port = 143; - bool proxy = FALSE, temp = FALSE, nologin = !success; + bool proxy = FALSE, temp = FALSE, nologin = !success, proxy_self; for (; *args != NULL; args++) { if (strcmp(*args, "nologin") == 0) @@ -118,8 +118,9 @@ if (destuser == NULL) destuser = client->common.virtual_user; - if (proxy && - !login_proxy_is_ourself(&client->common, host, port, destuser)) { + proxy_self = proxy && + login_proxy_is_ourself(&client->common, host, port, destuser); + if (proxy && !proxy_self) { /* we want to proxy the connection to another server. don't do this unless authentication succeeded. with master user proxying we can get FAIL with proxy still set. @@ -162,13 +163,18 @@ client_destroy(client, "Login with referral"); return TRUE; } - } else if (nologin) { + } else if (nologin || proxy_self) { /* Authentication went ok, but for some reason user isn't allowed to log in. Shouldn't probably happen. */ + if (proxy_self) { + client_syslog(&client->common, + "Proxying loops to itself"); + } + reply = t_str_new(128); if (reason != NULL) str_printfa(reply, "NO %s", reason); - else if (temp) + else if (temp || proxy_self) str_append(reply, "NO "AUTH_TEMP_FAILED_MSG); else str_append(reply, "NO "AUTH_FAILED_MSG); @@ -178,7 +184,7 @@ return FALSE; } - i_assert(nologin); + i_assert(nologin || proxy_self); if (!client->destroyed) client_auth_failed(client);