login-common: Send BAD alert about cleartext login attempt with AUTHENTICATE too
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 15 Jul 2022 05:47:28 +0000 (08:47 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 22 Jul 2022 05:03:30 +0000 (05:03 +0000)
src/login-common/sasl-server.c

index 711b6ed1959de72d643e972c3761c8414c8d7216..bfb0b7cc12ddd6021a6c6ca31feaed5319b7a244 100644 (file)
@@ -521,6 +521,10 @@ void sasl_server_auth_begin(struct client *client, const char *mech_name,
 
        if (!client->secured && !client->set->auth_allow_cleartext &&
            (mech->flags & MECH_SEC_PLAINTEXT) != 0) {
+               client_notify_status(client, TRUE,
+                        "cleartext authentication not allowed "
+                        "without SSL/TLS, but your client did it anyway. "
+                        "If anyone was listening, the password was exposed.");
                sasl_server_auth_failed(client,
                        "Cleartext authentication disabled.",
                         AUTH_CLIENT_FAIL_CODE_MECH_SSL_REQUIRED);
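Review bot: The added client_notify_status() text asserts unconditionally that "the password was exposed", but at sasl_server_auth_begin() only the mechanism name is known to have been received; whether any credential bytes have crossed the unsecured connection depends on whether an initial SASL response accompanied the command, which this hunk does not check. If the client sent AUTHENTICATE without an initial response, the alert overstates what happened; either condition the stronger wording on the presence of an initial response or soften the last sentence to `"If anyone was listening, the password may have been exposed."`. The check itself (unsecured connection, cleartext not allowed, mechanism flagged MECH_SEC_PLAINTEXT) is sound and the alert is correctly sent before sasl_server_auth_failed() so the client sees the reason rather than a bare failure. Since the commit title says this mirrors an existing alert on another login path, consider hoisting the literal into one shared string so the two messages cannot drift apart. The enclosing sasl_server_auth_begin() starts and ends outside this hunk.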