changeset 4467:eaab43f6f65f HEAD

Removed hardcoded 127.* and ::1 IP checks. Instead just check that local IP matches remote IP to assume the connection is secure.
author Timo Sirainen <tss@iki.fi>
date Sat, 01 Jul 2006 23:09:36 +0300
parents 50861235f77f
children ce47b2f84cdb
files dovecot-example.conf src/imap-login/client.c src/pop3-login/client.c
diffstat 3 files changed, 5 insertions(+), 17 deletions(-) [+]
--- a/dovecot-example.conf	Sat Jul 01 22:42:27 2006 +0300
+++ b/dovecot-example.conf	Sat Jul 01 23:09:36 2006 +0300
@@ -38,9 +38,9 @@
 #listen = *
 
 # Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
-# IPv6 ::1 addresses are considered secure, this setting has no effect if
-# you connect from those addresses.
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
 #disable_plaintext_auth = yes
 
 # Should all IMAP and POP3 processes be killed when Dovecot master process
--- a/src/imap-login/client.c	Sat Jul 01 22:42:27 2006 +0300
+++ b/src/imap-login/client.c	Sat Jul 01 23:09:36 2006 +0300
@@ -411,7 +411,6 @@
 			     const struct ip_addr *ip)
 {
 	struct imap_client *client;
-	const char *addr;
 
 	if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 	    hash_size(clients) >= max_logging_users) {
@@ -427,12 +426,7 @@
 	client->created = ioloop_time;
 	client->refcount = 1;
 	client->common.tls = ssl;
-
-        addr = net_ip2addr(ip);
-	client->common.secured = ssl ||
-		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
-		(IPADDR_IS_V6(ip) && (strcmp(addr, "::1") == 0 ||
-				      strncmp(addr, "::ffff:127.", 11) == 0));
+	client->common.secured = ssl || net_ip_compare(ip, local_ip);
 
 	client->common.local_ip = *local_ip;
 	client->common.ip = *ip;
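Review bot: The new assignment `client->common.secured = ssl || net_ip_compare(ip, local_ip);` marks a connection as secured on address equality alone (assuming net_ip_compare returns true for equal addresses). That also covers clients relayed through a proxy, TLS terminator or webmail front end on the same host, because the login process would presumably see only the relay's address. In that setup `disable_plaintext_auth` is bypassed for every relayed client, whatever transport the real client used. The identical line in the second hunk of src/pop3-login/client.c behaves the same way. I would record the assumption next to the line, e.g. `/* remote IP == local IP: same-host peer, treated as secured; a local proxy makes relayed clients look identical */`; the enclosing function starts and ends outside this hunk.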
--- a/src/pop3-login/client.c	Sat Jul 01 22:42:27 2006 +0300
+++ b/src/pop3-login/client.c	Sat Jul 01 23:09:36 2006 +0300
@@ -304,7 +304,6 @@
 			     const struct ip_addr *ip)
 {
 	struct pop3_client *client;
-	const char *addr;
 
 	if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 	    hash_size(clients) >= max_logging_users) {
@@ -320,12 +319,7 @@
 	client->created = ioloop_time;
 	client->refcount = 1;
 	client->common.tls = ssl;
-
-        addr = net_ip2addr(ip);
-	client->common.secured = ssl ||
-		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
-		(IPADDR_IS_V6(ip) && (strcmp(addr, "::1") == 0 ||
-				      strncmp(addr, "::ffff:127.", 11) == 0));
+	client->common.secured = ssl || net_ip_compare(ip, local_ip);
 
 	client->common.local_ip = *local_ip;
 	client->common.ip = *ip;