From: Simon Schubert <corecode@dragonflybsd.org>
Date: Thu, 16 Jul 2009 11:43:28 +0000 (+0200)
Subject: dma: treat encrypted connections as secure
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=994b9c060eb78a73bb6e56bfa8b59f4a0f91633e;p=people%2Fms%2Fdma.git

dma: treat encrypted connections as secure

Users have to set the INSECURE config option to allow dma to send
plaintext passwords on login.  This commit allows dma to send plaintext
passwords through TLS connections even if the INSECURE config option is
not set.

The downside is that this allows a man-in-the-middle attack on the
password exchange.  The only solution to this is checking the server
certificate, but we don't do that (yet).
---

diff --git a/net.c b/net.c
index 4a5ded5..d9af354 100644
--- a/net.c
+++ b/net.c
@@ -209,7 +209,8 @@ smtp_login(struct qitem *it, int fd, char *login, char* password)
 		return (-1);
 	}
 
-	if ((config->features & INSECURE) != 0) {
+	if ((config->features & INSECURE) != 0 ||
+	    (config->features & SECURETRANS) != 0) {
 		/* Send AUTH command according to RFC 2554 */
 		send_remote_command(fd, "AUTH LOGIN");
 		if (read_remote(fd, 0, NULL) != 3) {