auth: If client gives "final-resp-ok" parameter, send it in OK reply with DIGEST...
authorTimo Sirainen <tss@iki.fi>
Wed, 23 Nov 2011 22:51:27 +0000 (00:51 +0200)
committerTimo Sirainen <tss@iki.fi>
Wed, 23 Nov 2011 22:51:27 +0000 (00:51 +0200)
src/auth/auth-request.c
src/auth/auth-request.h
src/auth/mech-digest-md5.c
src/auth/mech-scram-sha1.c

index 989d49572fee02419b4dd58205a54dab774a5a0a..0edf0ca51d1c7baf36dcc8db7c271af036891d49 100644 (file)
@@ -111,8 +111,15 @@ void auth_request_success(struct auth_request *request,
                return;
        }
 
-       auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED);
        request->successful = TRUE;
+       if (data_size > 0 && !request->final_resp_ok) {
+               /* we'll need one more SASL round, since client doesn't support
+                  the final SASL response */
+               auth_request_handler_reply_continue(request, data, data_size);
+               return;
+       }
+
+       auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED);
        auth_request_refresh_last_access(request);
        auth_request_handler_reply(request, AUTH_CLIENT_RESULT_SUCCESS,
                                   data, data_size);
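Review bot: `request->successful = TRUE` is now set before the early return for clients without final-resp-ok, so a request can carry `successful` while it still waits for one more SASL round and has not reached AUTH_REQUEST_STATE_FINISHED. Code outside this hunk that reads `successful` (abort, timeout or logging paths, if any do) would then see an unfinished exchange as authenticated, which is worth checking. The function is also entered twice for such clients, once from the mechanism with data and once from auth_request_continue() with `NULL, 0`, so whatever precedes the first visible `return;` runs twice. I would add a comment above the assignment such as `/* set before the extra round on purpose: auth_request_continue() keys on it */`. The body of auth_request_success() starts and ends outside the hunk.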
@@ -235,6 +242,8 @@ bool auth_request_import_auth(struct auth_request *request,
        /* auth client may set these */
        if (strcmp(key, "secured") == 0)
                request->secured = TRUE;
+       else if (strcmp(key, "final-resp-ok") == 0)
+               request->final_resp_ok = TRUE;
        else if (strcmp(key, "no-penalty") == 0)
                request->no_penalty = TRUE;
        else if (strcmp(key, "valid-client-cert") == 0)
@@ -296,6 +305,11 @@ void auth_request_continue(struct auth_request *request,
 {
        i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
 
+       if (request->successful) {
+               auth_request_success(request, NULL, 0);
+               return;
+       }
+
        auth_request_refresh_last_access(request);
        request->mech->auth_continue(request, data, data_size);
 }
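Review bot: The new `if (request->successful)` branch discards the client's `data` and `data_size` unread, so any payload sent in the last round is accepted as the closing response. The removed SCRAM comment describes that response as empty, so either reject a non-empty one here or record the leniency in a comment, for example `/* mechanism already succeeded; the client's final (normally empty) response is intentionally ignored */`. Because the shortcut now sits in generic code, it applies to every mechanism that passes final data to auth_request_success(), not only DIGEST-MD5 and SCRAM-SHA-1. A mechanism that expected its own `auth_continue` to run after that point would silently never be called, which the function comment should state.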
index c2969d030db94e537c45c937c79aec9f3e18a92b..69592dbf32830c17c3a52860a8338e0017f42c0c 100644 (file)
@@ -111,6 +111,7 @@ struct auth_request {
        unsigned int userdb_lookup:1;
        unsigned int userdb_lookup_failed:1;
        unsigned int secured:1;
+       unsigned int final_resp_ok:1;
        unsigned int removed_from_handler:1;
 
        /* ... mechanism specific data ... */
index 442dfbe2c388e272459c7a66892b6d2dce8df6f4..7959a94209b985487e55b9076412fb41b38f18b8 100644 (file)
@@ -34,7 +34,6 @@ struct digest_auth_request {
        struct auth_request auth_request;
 
        pool_t pool;
-       unsigned int authenticated:1;
 
        /* requested: */
        char *nonce;
@@ -505,10 +504,8 @@ static void credentials_callback(enum passdb_result result,
                        return;
                }
 
-               request->authenticated = TRUE;
-               auth_request_handler_reply_continue(auth_request,
-                                                   request->rspauth,
-                                                   strlen(request->rspauth));
+               auth_request_success(auth_request, request->rspauth,
+                                    strlen(request->rspauth));
                break;
        case PASSDB_RESULT_INTERNAL_FAILURE:
                auth_request_internal_failure(auth_request);
@@ -527,13 +524,6 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request,
                (struct digest_auth_request *)auth_request;
        const char *username, *error;
 
-       if (request->authenticated) {
-               /* authentication is done, we were just waiting the last
-                  word from client */
-               auth_request_success(auth_request, NULL, 0);
-               return;
-       }
-
        if (parse_digest_response(request, data, data_size, &error)) {
                if (auth_request->realm != NULL &&
                    strchr(request->username, '@') == NULL) {
index 96cf1c85c0dcf1b850b63cb9eb5e2eb86f748156..ad44605f0c54daece767d4bc4a71db378784f88c 100644 (file)
@@ -25,7 +25,6 @@ struct scram_auth_request {
        struct auth_request auth_request;
 
        pool_t pool;
-       unsigned int authenticated:1;
 
        /* sent: */
        const char *server_first_message;
@@ -265,11 +264,9 @@ static void credentials_callback(enum passdb_result result,
                                              "password mismatch");
                        auth_request_fail(auth_request);
                } else {
-                       request->authenticated = TRUE;
                        server_final_message = get_scram_server_final(request);
-                       auth_request_handler_reply_continue(auth_request,
-                               server_final_message,
-                               strlen(server_final_message));
+                       auth_request_success(auth_request, server_final_message,
+                                            strlen(server_final_message));
                }
                break;
        case PASSDB_RESULT_INTERNAL_FAILURE:
@@ -348,13 +345,6 @@ static void mech_scram_sha1_auth_continue(struct auth_request *auth_request,
                (struct scram_auth_request *)auth_request;
        const char *error = NULL;
 
-       if (request->authenticated) {
-               /* authentication is done, we were just waiting the last (empty)
-                  client response */
-               auth_request_success(auth_request, NULL, 0);
-               return;
-       }
-
        if (!request->client_first_message_bare) {
                /* Received client-first-message */
                if (parse_scram_client_first(request, data,