changeset 14622:258c2e231357
login: Don't allow STARTTLS if ssl=no in client's settings, even if ssl=yes globally.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 17 Jul 2012 15:28:24 +0300 |
parents | 77b52599e883 |
children | d01a06d821cf |
files | src/imap-login/client.c src/login-common/client-common.c src/login-common/client-common.h src/pop3-login/client-authenticate.c |
diffstat | 4 files changed, 9 insertions(+), 3 deletions(-) [+] |
--- a/src/imap-login/client.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/imap-login/client.c Tue Jul 17 15:28:24 2012 +0300
@@ -62,7 +62,7 @@
 str_append(cap_str, imap_client->set->imap_capability + 1);
 }
- if (ssl_initialized && !client->tls)
+ if (client_is_tls_enabled(client) && !client->tls)
 str_append(cap_str, " STARTTLS");
 if (client->set->disable_plaintext_auth && !client->secured)
 str_append(cap_str, " LOGINDISABLED");
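Review bot: A client whose settings combine `ssl=no` with `disable_plaintext_auth=yes` now gets `LOGINDISABLED` without `STARTTLS` on a connection that is not already marked secured, so it is offered no way to upgrade before plaintext authentication. The same pairing appears in the POP3 hunk in src/pop3-login/client-authenticate.c, where `STLS` is withheld just before the `disable_plaintext_auth` test. This fails closed, which is the safe direction, but it is easy to hit by accident with a per-client `ssl=no` override and is not explained anywhere in the new code. I would document it next to the capability check, e.g. `/* ssl=no for this client: STARTTLS is not offered; with disable_plaintext_auth=yes only already-secured connections can use plaintext auth */`, or consider a settings-time warning for the combination. The enclosing function starts and ends outside the hunk.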
--- a/src/login-common/client-common.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/login-common/client-common.c Tue Jul 17 15:28:24 2012 +0300
@@ -346,7 +346,7 @@
 return;
 }
- if (!ssl_initialized) {
+ if (!client_is_tls_enabled(client)) {
 client_send_line(client, CLIENT_CMD_REPLY_BAD, "TLS support isn't enabled.");
 return;
@@ -591,6 +591,11 @@
 return FALSE;
 }
+bool client_is_tls_enabled(struct client *client)
+{
+ return ssl_initialized && strcmp(client->set->ssl, "no") != 0;
+}
+
 const char *client_get_extra_disconnect_reason(struct client *client)
 {
 unsigned int auth_secs = client->auth_first_started == 0 ? 0 :
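Review bot: The new `client_is_tls_enabled()` in the second hunk has no comment explaining why the per-client `ssl` value is checked on top of the global `ssl_initialized` flag. The fix only holds if every STARTTLS/STLS decision goes through this helper, so any remaining direct test of `ssl_initialized` in login code outside these hunks (not visible here) would still offer TLS to an `ssl=no` client and should be checked. I would add above the definition `/* Returns TRUE if TLS may be offered to this client: SSL is initialized globally and the client's own settings don't say ssl=no. */`. The `strcmp()` is an exact, case-sensitive match on "no", so it presumably relies on the settings parser having already restricted and normalized the value; that assumption is worth confirming or stating in the comment.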
--- a/src/login-common/client-common.h Tue Jul 17 15:21:32 2012 +0300
+++ b/src/login-common/client-common.h Tue Jul 17 15:28:24 2012 +0300
@@ -168,6 +168,7 @@
 const char *client_get_extra_disconnect_reason(struct client *client);
 bool client_is_trusted(struct client *client);
 void client_auth_failed(struct client *client);
+bool client_is_tls_enabled(struct client *client);
 const char *client_get_session_id(struct client *client);
 bool client_read(struct client *client);
--- a/src/pop3-login/client-authenticate.c Tue Jul 17 15:21:32 2012 +0300
+++ b/src/pop3-login/client-authenticate.c Tue Jul 17 15:28:24 2012 +0300
@@ -33,7 +33,7 @@
 str_append(str, "+OK\r\n");
 str_append(str, capability_string);
- if (ssl_initialized && !client->common.tls)
+ if (client_is_tls_enabled(&client->common) && !client->common.tls)
 str_append(str, "STLS\r\n");
 if (!client->common.set->disable_plaintext_auth || client->common.secured)