* Localhost connections are considered secure, so these can be used even

  if you have a plaintext-policy of 'deny' or 'warn'. (This was already
  the case for servers, but now also for users and opers)
https://bugs.unrealircd.org/view.php?id=5108

diff --git a/doc/RELEASE-NOTES b/doc/RELEASE-NOTES
index 01f84c774e5bae43a2e64ba198772ed8155819ce..ae33e90aa9646c9a9028a1379ed9fbf04806ca88 100644 (file)
--- a/doc/RELEASE-NOTES
+++ b/doc/RELEASE-NOTES
@@ -46,6 +46,9 @@ Major issues fixed:
 Minor issues fixed:
 * Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
   (and possibly other Linux distributions as well)
+* Localhost connections are considered secure, so these can be used even
+  if you have a plaintext-policy of 'deny' or 'warn'. (This was already
+  the case for servers, but now also for users and opers)
 
 Other changes:
 * Windows users may be prompted to install the Visual C++ redistributable

diff --git a/src/modules/m_nick.c b/src/modules/m_nick.c
index f9f18f90fab45d1c661bb3476ac7df3e803191d8..eedb5d0446e11b7cdf7597b797416adeacd6310b 100644 (file)
--- a/src/modules/m_nick.c
+++ b/src/modules/m_nick.c
@@ -1583,7 +1583,7 @@ int _register_user(aClient *cptr, aClient *sptr, char *nick, char *username, cha
                        sendto_one(sptr, rpl_str(RPL_SNOMASK),
                                me.name, sptr->name, get_snostr(user->snomask));
 
-               if (!IsSecure(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN))
+               if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN))
                        sendnotice(sptr, "%s", iConf.plaintext_policy_user_message);
                
                /* Make creation time the real 'online since' time, excluding registration time.
@@ -1699,7 +1699,7 @@ int       AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
        static char uhost[HOSTLEN + USERLEN + 3];
        static char fullname[HOSTLEN + 1];
 
-       if (!IsSecure(cptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
+       if (!IsSecure(cptr) && !IsLocal(cptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
        {
                return exit_client(cptr, cptr, &me, iConf.plaintext_policy_user_message);
        }

diff --git a/src/modules/m_oper.c b/src/modules/m_oper.c
index 4ecdce79ef0193eda8b65a47376e5670bf3234c9..f3406c35c664acdfe63edbd0d8517f2e26d0c713 100644 (file)
--- a/src/modules/m_oper.c
+++ b/src/modules/m_oper.c
@@ -114,7 +114,7 @@ CMD_FUNC(m_oper)
        name = parv[1];
        password = (parc > 2) ? parv[2] : "";
 
-       if (!IsSecure(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY))
+       if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY))
        {
                /* Reject early */
                sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message);
@@ -304,7 +304,7 @@ CMD_FUNC(m_oper)
                        return FLUSH_BUFFER;
        }
 
-       if (!IsSecure(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN))
+       if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN))
        {
                sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message);
                sendto_snomask_global

diff --git a/src/modules/m_sasl.c b/src/modules/m_sasl.c
index 83b2932845ca6e05d51319e3b5fab36cc0463d64..b6aac54bbc02e35a5e24c103a673a43e200bc65a 100644 (file)
--- a/src/modules/m_sasl.c
+++ b/src/modules/m_sasl.c
@@ -305,7 +305,7 @@ int sasl_capability_visible(aClient *sptr)
        if (!SASL_SERVER || !find_server(SASL_SERVER, NULL))
                return 0;
 
-       if (sptr && !IsSecure(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
+       if (sptr && !IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
                return 0;
 
        return 1;