diff --git a/ChangeLog b/ChangeLog index 2b35e8087..cfc4cf35c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2007-07-13 Wolfgang Sourdeau + + * SoObjects/SOGo/SOGoUser.m ([SOGoUser +initialize]): set + acceptAnyUser to YES only when the SOGoAuthentificationMethod user + default is set to "bypass". + + * SoObjects/SOGo/SOGoAuthenticator.m ([SOGoAuthenticator + -checkLogin:_loginpassword:_pwd]): accepts unverified connections + when authMethod is set to "bypass" from now on. This would avoid a + security concern with a default installation of SOGo. + AuthentificationMethod is now prefixed with "SOGo" for better + clarity. + 2007-07-11 Wolfgang Sourdeau * UI/MailerUI/UIxMailFolderActions.m ([UIxMailFolderActions diff --git a/SoObjects/SOGo/SOGoAuthenticator.m b/SoObjects/SOGo/SOGoAuthenticator.m index edf368fb9..20856a419 100644 --- a/SoObjects/SOGo/SOGoAuthenticator.m +++ b/SoObjects/SOGo/SOGoAuthenticator.m @@ -50,7 +50,7 @@ if ((self = [super init])) { authMethod = [[NSUserDefaults standardUserDefaults] - stringForKey: @"AuthentificationMethod"]; + stringForKey: @"SOGoAuthentificationMethod"]; [authMethod retain]; } @@ -75,7 +75,8 @@ accept = [um checkLogin: _login andPassword: _pwd]; } else - accept = ([_login length] > 0); + accept = ([authMethod isEqualToString: @"bypass"] + && [_login length] > 0); return accept; // || ([_login isEqualToString: @"freebusy"] diff --git a/SoObjects/SOGo/SOGoUser.m b/SoObjects/SOGo/SOGoUser.m index 17f20876d..00d9b3f3e 100644 --- a/SoObjects/SOGo/SOGoUser.m +++ b/SoObjects/SOGo/SOGoUser.m @@ -92,7 +92,8 @@ NSString *SOGoWeekStartFirstFullWeek = @"FirstFullWeek"; ASSIGN (superUsername, nsUsername); } - acceptAnyUser = (![ud stringForKey: @"AuthentificationMethod"]); + acceptAnyUser = ([[ud stringForKey: @"SOGoAuthentificationMethod"] + isEqualToString: @"bypass"]); } + (SOGoUser *) userWithLogin: (NSString *) newLogin