case SASL_SERVER_OUTPUT_INTERNAL_FAILURE:
auth_request_internal_failure(request);
break;
+ case SASL_SERVER_OUTPUT_PASSWORD_MISMATCH:
+ e_info(request->event, "%s", AUTH_LOG_MSG_PASSWORD_MISMATCH);
+ auth_request_fail_with_reply(
+ request, output->data, output->data_size);
+ break;
case SASL_SERVER_OUTPUT_FAILURE:
auth_request_fail_with_reply(
request, output->data, output->data_size);
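Review bot: The new SASL_SERVER_OUTPUT_PASSWORD_MISMATCH case has no comment saying that it must answer the client exactly as SASL_SERVER_OUTPUT_FAILURE does, which is the property that keeps the mismatch distinction out of the wire reply. Both cases call `auth_request_fail_with_reply(request, output->data, output->data_size)` today, and only the `e_info()` line differs. I would add `/* Log-only distinction: the reply must stay identical to SASL_SERVER_OUTPUT_FAILURE. */` above the `e_info()` call, so that a later edit does not make the status observable to the client. The enclosing switch starts and ends outside the hunk.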
if (!mem_equals_timing_safe(response_hex, request->response,
sizeof(digest) * 2)) {
- e_info(auth_request->event, AUTH_LOG_MSG_PASSWORD_MISMATCH);
- sasl_server_request_failure(auth_request);
+ sasl_server_request_password_mismatch(auth_request);
return;
}
/* verify response */
if (!mem_equals_timing_safe(response_hex,
request->response, 32)) {
- e_info(auth_request->event,
- AUTH_LOG_MSG_PASSWORD_MISMATCH);
- sasl_server_request_failure(auth_request);
+ sasl_server_request_password_mismatch(
+ auth_request);
return;
}
} else {
sasl_server_request_failure(auth_request);
return;
}
-
if (!sasl_server_request_set_authid(auth_request,
SASL_SERVER_AUTHID_TYPE_USERNAME,
request->username)) {
ret = memcmp(cur_hash, state->hash, OTP_HASH_SIZE);
if (ret != 0) {
- sasl_server_request_failure(auth_request);
+ sasl_server_request_password_mismatch(auth_request);
otp_unlock(request);
return;
}
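Review bot: The OTP check that now reports a password mismatch still compares with `memcmp(cur_hash, state->hash, OTP_HASH_SIZE)`, while the two `response_hex` comparisons touched by this same change use `mem_equals_timing_safe()`. How `cur_hash` is derived is not visible here, so the practical exposure may be small if it is a hash of the client's response. A constant-time compare would still make the mechanisms consistent: `if (!mem_equals_timing_safe(cur_hash, state->hash, OTP_HASH_SIZE)) {`. The next OTP hunk has the same pattern with `memcmp(hash, request->state.hash, OTP_HASH_SIZE)`. Both functions start outside their hunks.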
ret = memcmp(hash, request->state.hash, OTP_HASH_SIZE);
if (ret != 0) {
- sasl_server_request_failure(auth_request);
+ sasl_server_request_password_mismatch(auth_request);
otp_unlock(request);
return;
}
i_unreached();
case AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION:
e_info(auth_request->event, "%s", error);
+ sasl_server_request_failure(auth_request);
break;
case AUTH_SCRAM_SERVER_ERROR_BAD_USERNAME:
case AUTH_SCRAM_SERVER_ERROR_BAD_LOGIN_USERNAME:
case AUTH_SCRAM_SERVER_ERROR_LOOKUP_FAILED:
+ sasl_server_request_failure(auth_request);
break;
case AUTH_SCRAM_SERVER_ERROR_VERIFICATION_FAILED:
- e_info(auth_request->event,
- AUTH_LOG_MSG_PASSWORD_MISMATCH);
+ sasl_server_request_password_mismatch(auth_request);
break;
}
- sasl_server_request_failure(auth_request);
return;
}
if (ret == 0)
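Review bot: With the trailing `sasl_server_request_failure(auth_request)` removed, the switch is now the only place that completes the request on a SCRAM error, so any error code without its own call reaches `return` with the request left unfinished. The visible cases each call a failure function, but the switch opens outside the hunk and shows no `default:`, so coverage of every enumerator cannot be confirmed from here. I would add `/* Each case must fail the request itself; nothing after the switch does. */` above the switch, so that a newly added error code is not left without a result.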
struct sasl_server_mech_request *mreq,
const void *data, size_t data_size);
void sasl_server_request_failure(struct sasl_server_mech_request *mreq);
+void sasl_server_request_password_mismatch(
+ struct sasl_server_mech_request *mreq);
void sasl_server_request_internal_failure(
struct sasl_server_mech_request *mreq);
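Review bot: The new prototype `sasl_server_request_password_mismatch()` is undocumented, and from the header alone a mechanism author cannot tell when to call it instead of `sasl_server_request_failure()`. I would add `/* Fail the request because the supplied credentials did not verify. Reported as SASL_SERVER_OUTPUT_PASSWORD_MISMATCH with no reply data. */` above it. The comment should also say that it is meant only for a failed credential comparison. Unknown users and lookup errors stay on the generic failure path, as the SCRAM change on this page does for them.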
req->failed = TRUE;
if (data_size > 0) {
i_assert(status != SASL_SERVER_OUTPUT_INTERNAL_FAILURE);
+ i_assert(status != SASL_SERVER_OUTPUT_PASSWORD_MISMATCH);
i_assert(!req->finished_with_data);
req->finished_with_data = TRUE;
e_debug(req->event,
"Interaction failed with final data (size=%zu)",
data_size);
+ } else if (status == SASL_SERVER_OUTPUT_PASSWORD_MISMATCH) {
+ e_debug(req->event, "Interaction failed: Password mismatch");
} else if (status == SASL_SERVER_OUTPUT_INTERNAL_FAILURE) {
e_debug(req->event, "Interaction failed (internal failure)");
} else {
"", 0);
}
+void sasl_server_request_password_mismatch(
+ struct sasl_server_mech_request *mreq)
+{
+ sasl_server_request_failure_common(
+ mreq, SASL_SERVER_OUTPUT_PASSWORD_MISMATCH, "", 0);
+}
+
void sasl_server_request_internal_failure(
struct sasl_server_mech_request *mreq)
{
enum sasl_server_output_status {
/* Internal failure */
- SASL_SERVER_OUTPUT_INTERNAL_FAILURE = -2,
+ SASL_SERVER_OUTPUT_INTERNAL_FAILURE = -3,
+ /* Password mismatch */
+ SASL_SERVER_OUTPUT_PASSWORD_MISMATCH = -2,
/* Authentication failed */
SASL_SERVER_OUTPUT_FAILURE = -1,
/* Client is challlenged to continue authentication */