changeset 4467:eaab43f6f65f HEAD
Removed hardcoded 127.* and ::1 IP checks. Instead just check that local IP
matches remote IP to assume the connection is secure.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 01 Jul 2006 23:09:36 +0300 |
parents | 50861235f77f |
children | ce47b2f84cdb |
files | dovecot-example.conf src/imap-login/client.c src/pop3-login/client.c |
diffstat | 3 files changed, 5 insertions(+), 17 deletions(-) [+] |
--- a/dovecot-example.conf Sat Jul 01 22:42:27 2006 +0300
+++ b/dovecot-example.conf Sat Jul 01 23:09:36 2006 +0300
@@ -38,9 +38,9 @@
 #listen = *
 
 # Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
-# IPv6 ::1 addresses are considered secure, this setting has no effect if
-# you connect from those addresses.
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
 #disable_plaintext_auth = yes
 
 # Should all IMAP and POP3 processes be killed when Dovecot master process
--- a/src/imap-login/client.c Sat Jul 01 22:42:27 2006 +0300
+++ b/src/imap-login/client.c Sat Jul 01 23:09:36 2006 +0300
@@ -411,7 +411,6 @@
 const struct ip_addr *ip)
 {
 struct imap_client *client;
- const char *addr;
 
 if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 hash_size(clients) >= max_logging_users) {
@@ -427,12 +426,7 @@
 client->created = ioloop_time;
 client->refcount = 1;
 client->common.tls = ssl;
-
- addr = net_ip2addr(ip);
- client->common.secured = ssl ||
- (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
- (IPADDR_IS_V6(ip) && (strcmp(addr, "::1") == 0 ||
- strncmp(addr, "::ffff:127.", 11) == 0));
+ client->common.secured = ssl || net_ip_compare(ip, local_ip);
 
 client->common.local_ip = *local_ip;
 client->common.ip = *ip;
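Review bot: The new `secured` assignment in the second hunk trusts any connection for which `net_ip_compare(ip, local_ip)` reports a match, and nothing visible here rules out the case where both addresses are unset (for example if the caller could not determine them), which would presumably compare equal and allow plaintext authentication without TLS. I would gate the comparison on a real address family, `client->common.secured = ssl || ((IPADDR_IS_V4(ip) || IPADDR_IS_V6(ip)) && net_ip_compare(ip, local_ip));`, and add a comment such as `/* same-host peers are trusted; this describes the last hop only */`, since a relay running on the same machine also matches. The identical line in the second hunk of src/pop3-login/client.c needs the same change. The enclosing function starts and ends outside both hunks, so how the caller fills `local_ip` should be confirmed before merging.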
--- a/src/pop3-login/client.c Sat Jul 01 22:42:27 2006 +0300
+++ b/src/pop3-login/client.c Sat Jul 01 23:09:36 2006 +0300
@@ -304,7 +304,6 @@
 const struct ip_addr *ip)
 {
 struct pop3_client *client;
- const char *addr;
 
 if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 hash_size(clients) >= max_logging_users) {
@@ -320,12 +319,7 @@
 client->created = ioloop_time;
 client->refcount = 1;
 client->common.tls = ssl;
-
- addr = net_ip2addr(ip);
- client->common.secured = ssl ||
- (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
- (IPADDR_IS_V6(ip) && (strcmp(addr, "::1") == 0 ||
- strncmp(addr, "::ffff:127.", 11) == 0));
+ client->common.secured = ssl || net_ip_compare(ip, local_ip);
 
 client->common.local_ip = *local_ip;
 client->common.ip = *ip;