lib-sasl: Add more results to enum dsasl_client_result
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 18 Jul 2025 11:02:36 +0000 (14:02 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 22 Jul 2025 06:18:51 +0000 (06:18 +0000)
src/lib-sasl/dsasl-client.h
src/lib-sasl/mech-login.c
src/lib-sasl/mech-oauthbearer.c
src/lib-sasl/mech-plain.c
src/lib-sasl/mech-scram.c
src/lib-sasl/test-sasl-client.c

index 38b2d345c922b5f166292fe1d928a2caed324f96..cb3c3d1b0f4c364150c0ccf8f1284755c1ab958e 100644 (file)
@@ -15,8 +15,13 @@ struct dsasl_client_settings {
 
 enum dsasl_client_result {
        DSASL_CLIENT_RESULT_OK,
-       /* Client sent invalid SASL protocol input */
+       /* The final response from server returned a failed authentication.
+          The error string contains details. */
+       DSASL_CLIENT_RESULT_AUTH_FAILED,
+       /* Remote server sent invalid SASL protocol input */
        DSASL_CLIENT_RESULT_ERR_PROTOCOL,
+       /* Internal client error */
+       DSASL_CLIENT_RESULT_ERR_INTERNAL,
 };
 
 typedef int
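Review bot: Inserting `DSASL_CLIENT_RESULT_AUTH_FAILED` ahead of `DSASL_CLIENT_RESULT_ERR_PROTOCOL` and adding `DSASL_CLIENT_RESULT_ERR_INTERNAL` means any caller that detects failure with `== DSASL_CLIENT_RESULT_ERR_PROTOCOL` would now let the two new values fall through to its success path. The callers are not part of this diff, so this needs checking rather than assuming. For an authentication library that is the unsafe direction, so the enum should state the contract above `DSASL_CLIENT_RESULT_OK`, e.g. `/* Any value other than DSASL_CLIENT_RESULT_OK is a failure; compare against OK, not against one specific error. */`. The numeric value of `DSASL_CLIENT_RESULT_ERR_PROTOCOL` also shifts, which matters only if something outside the tree was built against the old header.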
index 66d7a4e831a67fcaa50fb666bddeb6f3d3314bf4..1b39d809d8efc1a30cacb608f19e3dbc776bec98 100644 (file)
@@ -42,11 +42,11 @@ mech_login_output(struct dsasl_client *_client,
 
        if (_client->set.authid == NULL) {
                *error_r = "authid not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
        if (_client->password == NULL) {
                *error_r = "password not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
 
        switch (client->state) {
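Review bot: The authid/password precondition block edited here is repeated line for line in mech_oauthbearer_output, mech_xoauth2_output, mech_plain_output and mech_scram_output, and this commit had to change the result code in all five places. A single shared helper would keep the classification of a missing credential from drifting between mechanisms the next time the enum changes. Each mechanism would then call it first and return its value when it is not `DSASL_CLIENT_RESULT_OK`. The helper name below is a suggestion, and the `error_r` type is inferred from the visible assignments. mech_login_output starts above the hunk and continues past it.

```c
/* Proposed shared helper; name and placement are suggestions. */
static inline enum dsasl_client_result
dsasl_client_require_credentials(struct dsasl_client *client,
				 const char **error_r)
{
	if (client->set.authid == NULL) {
		*error_r = "authid not set";
		return DSASL_CLIENT_RESULT_ERR_INTERNAL;
	}
	if (client->password == NULL) {
		*error_r = "password not set";
		return DSASL_CLIENT_RESULT_ERR_INTERNAL;
	}
	return DSASL_CLIENT_RESULT_OK;
}
```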
index 0d8c839fea7efe6aee80b992c14fea4724b3dd90..48d0e9f34732389cdc17faa928f067748d16409f 100644 (file)
@@ -82,7 +82,7 @@ mech_oauthbearer_input(struct dsasl_client *_client,
 
                *error_r = t_strdup_printf("Failed to authenticate: %s",
                                           client->status);
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_AUTH_FAILED;
        }
        return DSASL_CLIENT_RESULT_OK;
 }
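Review bot: The new `DSASL_CLIENT_RESULT_AUTH_FAILED` return hands callers an `*error_r` built from `client->status`, which appears to come from the server's response (the test on this page feeds it as the JSON `status` field). The enum comment now tells callers that the error string contains details, which invites logging or displaying it. How `client->status` is validated is outside this hunk, so I would add a comment before the `t_strdup_printf()` call: `/* client->status is server-supplied; callers must escape *error_r before logging or displaying it */`. mech_oauthbearer_input starts above the hunk.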
@@ -98,11 +98,11 @@ mech_oauthbearer_output(struct dsasl_client *_client,
 
        if (_client->set.authid == NULL) {
                *error_r = "authid not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
        if (_client->password == NULL) {
                *error_r = "password not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
 
        str = str_new(_client->pool, 64);
@@ -132,11 +132,11 @@ mech_xoauth2_output(struct dsasl_client *_client,
 
        if (_client->set.authid == NULL) {
                *error_r = "authid not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
        if (_client->password == NULL) {
                *error_r = "password not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
 
        str = str_new(_client->pool, 64);
index 95fe4fa1ef41184f5fa54ff72011f41608916459..e755fe498bd54cd049acfe929015003bc36bb49a 100644 (file)
@@ -40,11 +40,11 @@ mech_plain_output(struct dsasl_client *_client,
 
        if (_client->set.authid == NULL) {
                *error_r = "authid not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
        if (_client->password == NULL) {
                *error_r = "password not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
 
        str = str_new(_client->pool, 64);
index 94a5e372163ee23f0004360c4f5f54f525f30fb5..8b89ec59ab486d0c436470b153c830d5d6579981 100644 (file)
@@ -118,16 +118,16 @@ mech_scram_output(struct dsasl_client *client,
 
        if (client->set.authid == NULL) {
                *error_r = "authid not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
        if (client->password == NULL) {
                *error_r = "password not set";
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
        }
 
        if (sclient->scram_client.state == AUTH_SCRAM_CLIENT_STATE_INIT &&
            mech_scram_init(sclient, error_r) < 0)
-               return DSASL_CLIENT_RESULT_ERR_PROTOCOL;
+               return DSASL_CLIENT_RESULT_ERR_INTERNAL;
 
        auth_scram_client_output(&sclient->scram_client,
                                 output_r, output_len_r);
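Review bot: The only SCRAM change in this commit is these three `DSASL_CLIENT_RESULT_ERR_INTERNAL` returns, so no SCRAM path returns `DSASL_CLIENT_RESULT_AUTH_FAILED`, while OAUTHBEARER and XOAUTH2 now do. If the SCRAM input handler (not in this diff) reports a server-side rejection, it presumably still returns `DSASL_CLIENT_RESULT_ERR_PROTOCOL`, and a caller could not tell a rejected password from a malformed server message. The `mech_scram_init()` failure is also classified as internal without the hunk showing what it can fail on. A short comment such as `/* mech_scram_init() fails only on local setup errors, never on server input */` would justify it, if that is true. mech_scram_output continues past the hunk.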
index 8fec4ebd6ed774587f8af0ec5c935ed48b580824..11b38428cf1c1fd8c21015932a74eb36435894ea 100644 (file)
@@ -80,7 +80,7 @@ static void test_sasl_client_login(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "authid not set");
        dsasl_client_free(&client);
 
@@ -89,7 +89,7 @@ static void test_sasl_client_login(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "password not set");
        dsasl_client_free(&client);
 
@@ -166,7 +166,7 @@ static void test_sasl_client_plain(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "authid not set");
        dsasl_client_free(&client);
 
@@ -175,7 +175,7 @@ static void test_sasl_client_plain(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "password not set");
        dsasl_client_free(&client);
 
@@ -299,7 +299,7 @@ static void test_sasl_client_oauthbearer(void)
        test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK);
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
        str_append(input, "{\"status\":\"401\",\"schemes\":\"bearer\",\"scope\":\"mail\"}");
-       test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_AUTH_FAILED);
        test_assert_strcmp(error, "Failed to authenticate: 401");
        test_assert(dsasl_client_get_result(client, "status", &value, &error) == 1);
        test_assert_strcmp(value, "401");
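Review bot: This assertion pins the `"status":"401"` response to `DSASL_CLIENT_RESULT_AUTH_FAILED`, but none of the changed tests pins the other side of the boundary, where a malformed server response must still yield `DSASL_CLIENT_RESULT_ERR_PROTOCOL`. Such a case may already exist outside the visible hunks. If it does not, add one next to this block with a non-JSON input, ending in `test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);`. No hunk in this file touches a SCRAM test either, so the three `DSASL_CLIENT_RESULT_ERR_INTERNAL` returns in mech_scram_output appear to be uncovered.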
@@ -311,7 +311,7 @@ static void test_sasl_client_oauthbearer(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "authid not set");
        dsasl_client_free(&client);
 
@@ -320,7 +320,7 @@ static void test_sasl_client_oauthbearer(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "password not set");
        dsasl_client_free(&client);
 
@@ -367,7 +367,7 @@ static void test_sasl_client_xoauth2(void)
        test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK);
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
        str_append(input, "{\"status\":\"401\",\"schemes\":\"bearer\",\"scope\":\"mail\"}");
-       test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_AUTH_FAILED);
        test_assert_strcmp(error, "Failed to authenticate: 401");
 
        dsasl_client_free(&client);
@@ -377,7 +377,7 @@ static void test_sasl_client_xoauth2(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "authid not set");
        dsasl_client_free(&client);
 
@@ -386,7 +386,7 @@ static void test_sasl_client_xoauth2(void)
        i_assert(client != NULL);
 
        test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
-       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL);
+       test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_INTERNAL);
        test_assert_strcmp(error, "password not set");
        dsasl_client_free(&client);