From: Timo Sirainen <tss@iki.fi>
Date: Sun, 24 Aug 2003 07:55:23 +0000 (+0300)
Subject: disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
X-Git-Tag: 1.1.alpha1~4381
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31e020ffe023c80d3dc70d3625c0633187620638;p=thirdparty%2Fdovecot%2Fcore.git

disable_plaintext_auth defaults to yes now. ipv4 127.* and ipv6 ::1
addresses are considered secure however and plaintext authentication is
allowed from them.

--HG--
branch : HEAD
---

diff --git a/dovecot-example.conf b/dovecot-example.conf
index 34841b648b..f8fb0ff1eb 100644
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -44,8 +44,10 @@
 #ssl_parameters_regenerate = 24
 
 # Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability)
-#disable_plaintext_auth = no
+# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
+# IPv6 ::1 addresses are considered secure, this setting has no effect if
+# you connect from those addresses.
+#disable_plaintext_auth = yes
 
 # Use this logfile instead of syslog(). /dev/stderr can be used if you want to
 # use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c
index 6ff93ad0ed..73838736c6 100644
--- a/src/imap-login/client-authenticate.c
+++ b/src/imap-login/client-authenticate.c
@@ -16,7 +16,7 @@
 #include "auth-common.h"
 #include "master.h"
 
-const char *client_authenticate_get_capabilities(int tls)
+const char *client_authenticate_get_capabilities(int secured)
 {
 	static enum auth_mech cached_auth_mechs = 0;
 	static char *cached_capability = NULL;
@@ -36,7 +36,7 @@ const char *client_authenticate_get_capabilities(int tls)
 	for (i = 0; i < AUTH_MECH_COUNT; i++) {
 		if ((auth_mechs & auth_mech_desc[i].mech) &&
 		    auth_mech_desc[i].name != NULL &&
-		    (tls || !auth_mech_desc[i].plaintext ||
+		    (secured || !auth_mech_desc[i].plaintext ||
 		     !disable_plaintext_auth)) {
 			str_append_c(str, ' ');
 			str_append(str, "AUTH=");
@@ -167,10 +167,10 @@ int cmd_login(struct imap_client *client, struct imap_arg *args)
 	user = IMAP_ARG_STR(&args[0]);
 	pass = IMAP_ARG_STR(&args[1]);
 
-	if (!client->tls && disable_plaintext_auth) {
+	if (!client->secured && disable_plaintext_auth) {
 		client_send_line(client,
 			"* BAD [ALERT] Plaintext authentication is disabled, "
-			"but your client sent password in plaintext anyway."
+			"but your client sent password in plaintext anyway. "
 			"If anyone was listening, the password was exposed.");
 		client_send_tagline(client,
 				    "NO Plaintext authentication disabled.");
@@ -304,7 +304,7 @@ int cmd_authenticate(struct imap_client *client, struct imap_arg *args)
 		return TRUE;
 	}
 
-	if (!client->tls && mech->plaintext && disable_plaintext_auth) {
+	if (!client->secured && mech->plaintext && disable_plaintext_auth) {
 		client_send_tagline(client,
 				    "NO Plaintext authentication disabled.");
 		return TRUE;
diff --git a/src/imap-login/client-authenticate.h b/src/imap-login/client-authenticate.h
index 9883c60c43..064cad7aad 100644
--- a/src/imap-login/client-authenticate.h
+++ b/src/imap-login/client-authenticate.h
@@ -1,7 +1,7 @@
 #ifndef __CLIENT_AUTHENTICATE_H
 #define __CLIENT_AUTHENTICATE_H
 
-const char *client_authenticate_get_capabilities(int tls);
+const char *client_authenticate_get_capabilities(int secured);
 
 int cmd_login(struct imap_client *client, struct imap_arg *args);
 int cmd_authenticate(struct imap_client *client, struct imap_arg *args);
diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index 35da157a3c..838d30a91c 100644
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -89,11 +89,11 @@ static int cmd_capability(struct imap_client *client)
 {
 	const char *capability, *auths;
 
-	auths = client_authenticate_get_capabilities(client->tls);
+	auths = client_authenticate_get_capabilities(client->secured);
 	capability = t_strconcat("* CAPABILITY " CAPABILITY_STRING,
 				 (ssl_initialized && !client->tls) ?
 				 " STARTTLS" : "",
-				 disable_plaintext_auth && !client->tls ?
+				 disable_plaintext_auth && !client->secured ?
 				 " LOGINDISABLED" : "", auths, NULL);
 	client_send_line(client, capability);
 	client_send_tagline(client, "OK Capability completed.");
@@ -127,6 +127,7 @@ static int cmd_starttls(struct imap_client *client)
 	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip);
 	if (fd_ssl != -1) {
 		client->tls = TRUE;
+		client->secured = TRUE;
                 client_set_title(client);
 
 		/* we skipped it already, so don't ignore next command */
@@ -339,6 +340,7 @@ static void client_destroy_oldest(void)
 struct client *client_create(int fd, struct ip_addr *ip, int ssl)
 {
 	struct imap_client *client;
+	const char *addr;
 
 	if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 	    hash_size(clients) >= max_logging_users) {
@@ -355,6 +357,11 @@ struct client *client_create(int fd, struct ip_addr *ip, int ssl)
 	client->refcount = 1;
 	client->tls = ssl;
 
+        addr = net_ip2addr(ip);
+	client->secured = ssl ||
+		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
+		(IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
+
 	client->common.ip = *ip;
 	client->common.fd = fd;
 
diff --git a/src/imap-login/client.h b/src/imap-login/client.h
index ffb219b1cd..08fcca0009 100644
--- a/src/imap-login/client.h
+++ b/src/imap-login/client.h
@@ -23,6 +23,7 @@ struct imap_client {
 	buffer_t *plain_login;
 
 	unsigned int tls:1;
+	unsigned int secured:1;
 	unsigned int cmd_finished:1;
 	unsigned int skip_line:1;
 	unsigned int input_blocked:1;
diff --git a/src/master/master-settings.c b/src/master/master-settings.c
index 4e099fa49a..caaf144b5e 100644
--- a/src/master/master-settings.c
+++ b/src/master/master-settings.c
@@ -165,7 +165,7 @@ struct settings default_settings = {
 	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
 	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
 	MEMBER(ssl_parameters_regenerate) 24,
-	MEMBER(disable_plaintext_auth) FALSE,
+	MEMBER(disable_plaintext_auth) TRUE,
 	MEMBER(verbose_ssl) FALSE,
 
 	/* login */
diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c
index 9fcc3ea494..dadebd158c 100644
--- a/src/pop3-login/client-authenticate.c
+++ b/src/pop3-login/client-authenticate.c
@@ -36,7 +36,7 @@ int cmd_capa(struct pop3_client *client, const char *args __attr_unused__)
 		for (i = 0; i < AUTH_MECH_COUNT; i++) {
 			if ((auth_mechs & auth_mech_desc[i].mech) &&
 			    auth_mech_desc[i].name != NULL &&
-			    (client->tls || !auth_mech_desc[i].plaintext ||
+			    (client->secured || !auth_mech_desc[i].plaintext ||
 			     !disable_plaintext_auth)) {
 				str_append_c(str, ' ');
 				str_append(str, auth_mech_desc[i].name);
@@ -156,7 +156,7 @@ static void login_callback(struct auth_request *request,
 
 int cmd_user(struct pop3_client *client, const char *args)
 {
-	if (!client->tls && disable_plaintext_auth) {
+	if (!client->secured && disable_plaintext_auth) {
 		client_send_line(client,
 				 "-ERR Plaintext authentication disabled.");
 		return TRUE;
@@ -284,7 +284,7 @@ int cmd_auth(struct pop3_client *client, const char *args)
 		return TRUE;
 	}
 
-	if (!client->tls && mech->plaintext && disable_plaintext_auth) {
+	if (!client->secured && mech->plaintext && disable_plaintext_auth) {
 		client_send_line(client,
 				 "-ERR Plaintext authentication disabled.");
 		return TRUE;
diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c
index 95db8d7b7a..5e7a8d8650 100644
--- a/src/pop3-login/client.c
+++ b/src/pop3-login/client.c
@@ -83,6 +83,7 @@ static int cmd_stls(struct pop3_client *client)
 	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip);
 	if (fd_ssl != -1) {
 		client->tls = TRUE;
+		client->secured = TRUE;
                 client_set_title(client);
 
 		client->common.fd = fd_ssl;
@@ -234,6 +235,7 @@ static void client_destroy_oldest(void)
 struct client *client_create(int fd, struct ip_addr *ip, int ssl)
 {
 	struct pop3_client *client;
+	const char *addr;
 
 	if (max_logging_users > CLIENT_DESTROY_OLDEST_COUNT &&
 	    hash_size(clients) >= max_logging_users) {
@@ -250,6 +252,11 @@ struct client *client_create(int fd, struct ip_addr *ip, int ssl)
 	client->refcount = 1;
 	client->tls = ssl;
 
+        addr = net_ip2addr(ip);
+	client->secured = ssl ||
+		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
+		(IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
+
 	client->common.ip = *ip;
 	client->common.fd = fd;
 	client->common.io = io_add(fd, IO_READ, client_input, client);
diff --git a/src/pop3-login/client.h b/src/pop3-login/client.h
index ede69f871e..2aa2c315b3 100644
--- a/src/pop3-login/client.h
+++ b/src/pop3-login/client.h
@@ -20,6 +20,7 @@ struct pop3_client {
 	buffer_t *plain_login;
 
 	unsigned int tls:1;
+	unsigned int secured:1;
 	unsigned int input_blocked:1;
 	unsigned int destroyed:1;
 };