IMAP_RESP_CODE_EXPIRED, text);
break;
case CLIENT_AUTH_RESULT_LOGIN_DISABLED:
+ case CLIENT_AUTH_RESULT_ANONYMOUS_DENIED:
client_send_reply_code(client, IMAP_CMD_REPLY_NO,
IMAP_RESP_CODE_CONTACTADMIN, text);
break;
.init = imap_login_init,
.deinit = imap_login_deinit,
- .sasl_support_final_reply = FALSE
+ .sasl_support_final_reply = FALSE,
+ .anonymous_login_acceptable = TRUE,
};
int main(int argc, char *argv[])
.preinit = imap_urlauth_login_preinit,
.init = imap_urlauth_login_init,
.deinit = imap_urlauth_login_deinit,
+
+ .anonymous_login_acceptable = TRUE,
};
int main(int argc, char *argv[])
/* not actually returned from auth service */
#define AUTH_CLIENT_FAIL_CODE_MECH_INVALID "auth_mech_invalid"
#define AUTH_CLIENT_FAIL_CODE_MECH_SSL_REQUIRED "auth_mech_ssl_required"
+#define AUTH_CLIENT_FAIL_CODE_ANONYMOUS_DENIED "anonymous_denied"
#endif
CLIENT_AUTH_FAIL_CODE_MECH_INVALID },
{ AUTH_CLIENT_FAIL_CODE_MECH_SSL_REQUIRED,
CLIENT_AUTH_FAIL_CODE_MECH_SSL_REQUIRED },
+ { AUTH_CLIENT_FAIL_CODE_ANONYMOUS_DENIED,
+ CLIENT_AUTH_FAIL_CODE_ANONYMOUS_DENIED },
{ NULL, CLIENT_AUTH_FAIL_CODE_NONE }
};
case CLIENT_AUTH_FAIL_CODE_MECH_SSL_REQUIRED:
result = CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED;
break;
+ case CLIENT_AUTH_FAIL_CODE_ANONYMOUS_DENIED:
+ result = CLIENT_AUTH_RESULT_ANONYMOUS_DENIED;
+ break;
case CLIENT_AUTH_FAIL_CODE_LOGIN_DISABLED:
result = CLIENT_AUTH_RESULT_LOGIN_DISABLED;
if (reason == NULL)
CLIENT_AUTH_FAIL_CODE_LOGIN_DISABLED,
CLIENT_AUTH_FAIL_CODE_MECH_INVALID,
CLIENT_AUTH_FAIL_CODE_MECH_SSL_REQUIRED,
+ CLIENT_AUTH_FAIL_CODE_ANONYMOUS_DENIED,
};
enum client_auth_result {
CLIENT_AUTH_RESULT_INVALID_BASE64,
CLIENT_AUTH_RESULT_LOGIN_DISABLED,
CLIENT_AUTH_RESULT_MECH_INVALID,
- CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED
+ CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED,
+ CLIENT_AUTH_RESULT_ANONYMOUS_DENIED
};
struct client_auth_reply {
void (*init)(void);
void (*deinit)(void);
- bool sasl_support_final_reply;
+ bool sasl_support_final_reply:1;
+ bool anonymous_login_acceptable:1;
};
struct login_module_register {
if (client->v.sasl_filter_mech != NULL &&
!client->v.sasl_filter_mech(client, mech))
return FALSE;
- return TRUE;
+ return ((mech->flags & MECH_SEC_ANONYMOUS) == 0 ||
+ login_binary->anonymous_login_acceptable);
}
const struct auth_mech_desc *
if (client->v.sasl_check_login != NULL &&
!client->v.sasl_check_login(client))
return FALSE;
+ if (client->auth_anonymous &&
+ !login_binary->anonymous_login_acceptable) {
+ sasl_server_auth_failed(client,
+ "Anonymous login denied",
+ AUTH_CLIENT_FAIL_CODE_ANONYMOUS_DENIED);
+ return FALSE;
+ }
return TRUE;
}
.init = pop3_login_init,
.deinit = pop3_login_deinit,
- .sasl_support_final_reply = FALSE
+ .sasl_support_final_reply = FALSE,
+ .anonymous_login_acceptable = TRUE,
};
int main(int argc, char *argv[])
smtp_server_reply(cmd, 504, "5.5.4", "%s", text);
break;
case CLIENT_AUTH_RESULT_LOGIN_DISABLED:
+ case CLIENT_AUTH_RESULT_ANONYMOUS_DENIED:
/* RFC5248, Section 2.4:
525 X.7.13 User Account Disabled
.init = submission_login_init,
.deinit = submission_login_deinit,
- .sasl_support_final_reply = FALSE
+ .sasl_support_final_reply = FALSE,
+ .anonymous_login_acceptable = FALSE,
};
int main(int argc, char *argv[])
projects / thirdparty / dovecot / core.git / commitdiff
