From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 18 Jul 2025 11:14:34 +0000 (+0300)
Subject: login-common: Handle different dsasl_client_results failures better
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f25b8df784216d8b5023b021bcb8eaef7b68e48f;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Handle different dsasl_client_results failures better
---

diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 87cecdceea..5d655ff1d1 100644
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -880,7 +880,16 @@ int login_proxy_sasl_step(struct client *client, string_t *str)
 		sasl_res = dsasl_client_output(client->proxy_sasl_client,
 					       &data, &data_len, &error);
 	}
-	if (sasl_res != DSASL_CLIENT_RESULT_OK) {
+	switch (sasl_res) {
+	case DSASL_CLIENT_RESULT_OK:
+		break;
+	case DSASL_CLIENT_RESULT_AUTH_FAILED:
+		login_proxy_failed(client->login_proxy,
+				   login_proxy_get_event(client->login_proxy),
+				   LOGIN_PROXY_FAILURE_TYPE_AUTH_NOT_REPLIED,
+				   error);
+		return -1;
+	case DSASL_CLIENT_RESULT_ERR_PROTOCOL: {
 		const char *reason = t_strdup_printf(
 			"Invalid authentication data: %s", error);
 		login_proxy_failed(client->login_proxy,
@@ -888,6 +897,12 @@ int login_proxy_sasl_step(struct client *client, string_t *str)
 				   LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
 		return -1;
 	}
+	case DSASL_CLIENT_RESULT_ERR_INTERNAL:
+		login_proxy_failed(client->login_proxy,
+				   login_proxy_get_event(client->login_proxy),
+				   LOGIN_PROXY_FAILURE_TYPE_INTERNAL, error);
+		return -1;
+	}
 	str_truncate(str, 0);
 	base64_encode(data, data_len, str);
 	return 0;