From: Timo Sirainen Date: Fri, 10 Jul 2009 00:49:34 +0000 (-0400) Subject: login processes: Auth code cleanups. Custom IMAP auth errors now have [ALERT] prefix. X-Git-Tag: 2.0.alpha1~449 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74ee5590487e89b25dffb58560ab1fea79fc21d9;p=thirdparty%2Fdovecot%2Fcore.git login processes: Auth code cleanups. Custom IMAP auth errors now have [ALERT] prefix. This should make them visible in more clients. --HG-- branch : HEAD --- diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c index 9b25eb6dbc..f04f9f9f98 100644 --- a/src/imap-login/client-authenticate.c +++ b/src/imap-login/client-authenticate.c @@ -67,10 +67,9 @@ static void client_auth_input(struct imap_client *client) if (line == NULL) return; - if (strcmp(line, "*") == 0) { - sasl_server_auth_client_error(&client->common, - "Authentication aborted"); - } else { + if (strcmp(line, "*") == 0) + sasl_server_auth_abort(&client->common); + else { client_set_auth_waiting(client); auth_client_request_continue(client->common.auth_request, line); io_remove(&client->io); @@ -223,7 +222,7 @@ static bool client_handle_args(struct imap_client *client, allowed to log in. Shouldn't probably happen. */ reply = t_str_new(128); if (reason != NULL) - str_printfa(reply, "NO %s", reason); + str_printfa(reply, "NO [ALERT] %s", reason); else if (temp) { str_append(reply, "NO ["IMAP_RESP_CODE_UNAVAILABLE"] " AUTH_TEMP_FAILED_MSG); @@ -255,7 +254,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply, bool nodelay; i_assert(!client->destroyed || - reply == SASL_SERVER_REPLY_CLIENT_ERROR || + reply == SASL_SERVER_REPLY_AUTH_ABORTED || reply == SASL_SERVER_REPLY_MASTER_FAILED); switch (reply) { @@ -269,7 +268,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply, client_destroy_success(client, "Login"); break; case SASL_SERVER_REPLY_AUTH_FAILED: - case SASL_SERVER_REPLY_CLIENT_ERROR: + case SASL_SERVER_REPLY_AUTH_ABORTED: if (client->to_auth_waiting != NULL) timeout_remove(&client->to_auth_waiting); if (args != NULL) { @@ -277,9 +276,12 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply, break; } - msg = reply == SASL_SERVER_REPLY_AUTH_FAILED ? "NO " : "BAD "; - msg = t_strconcat(msg, data != NULL ? data : - IMAP_AUTH_FAILED_MSG, NULL); + if (reply == SASL_SERVER_REPLY_AUTH_ABORTED) + msg = "BAD Authentication aborted by client."; + else if (data == NULL) + msg = "NO "IMAP_AUTH_FAILED_MSG; + else + msg = t_strconcat("NO [ALERT] ", data, NULL); client_send_tagline(client, msg); if (!client->destroyed) diff --git a/src/imap-login/client.c b/src/imap-login/client.c index 1edd135f13..0aebede100 100644 --- a/src/imap-login/client.c +++ b/src/imap-login/client.c @@ -583,7 +583,7 @@ void client_destroy(struct imap_client *client, const char *reason) client->common.master_tag); } else if (client->common.auth_request != NULL) { i_assert(client->common.authenticating); - sasl_server_auth_client_error(&client->common, NULL); + sasl_server_auth_abort(&client->common); } else { i_assert(!client->common.authenticating); } diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c index bed8f46ad1..bd98bd76a4 100644 --- a/src/login-common/sasl-server.c +++ b/src/login-common/sasl-server.c @@ -273,7 +273,7 @@ void sasl_server_auth_failed(struct client *client, const char *reason) sasl_server_auth_cancel(client, reason, SASL_SERVER_REPLY_AUTH_FAILED); } -void sasl_server_auth_client_error(struct client *client, const char *reason) +void sasl_server_auth_abort(struct client *client) { - sasl_server_auth_cancel(client, reason, SASL_SERVER_REPLY_CLIENT_ERROR); + sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED); } diff --git a/src/login-common/sasl-server.h b/src/login-common/sasl-server.h index 3999d463d0..99214894aa 100644 --- a/src/login-common/sasl-server.h +++ b/src/login-common/sasl-server.h @@ -6,7 +6,7 @@ struct client; enum sasl_server_reply { SASL_SERVER_REPLY_SUCCESS, SASL_SERVER_REPLY_AUTH_FAILED, - SASL_SERVER_REPLY_CLIENT_ERROR, + SASL_SERVER_REPLY_AUTH_ABORTED, SASL_SERVER_REPLY_MASTER_FAILED, SASL_SERVER_REPLY_CONTINUE }; @@ -20,6 +20,6 @@ void sasl_server_auth_begin(struct client *client, const char *initial_resp_base64, sasl_server_callback_t *callback); void sasl_server_auth_failed(struct client *client, const char *reason); -void sasl_server_auth_client_error(struct client *client, const char *reason); +void sasl_server_auth_abort(struct client *client); #endif diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c index 5f28316702..f8b4a2980c 100644 --- a/src/pop3-login/client-authenticate.c +++ b/src/pop3-login/client-authenticate.c @@ -73,10 +73,9 @@ static void client_auth_input(struct pop3_client *client) if (line == NULL) return; - if (strcmp(line, "*") == 0) { - sasl_server_auth_client_error(&client->common, - "Authentication aborted"); - } else { + if (strcmp(line, "*") == 0) + sasl_server_auth_abort(&client->common); + else { auth_client_request_continue(client->common.auth_request, line); io_remove(&client->io); @@ -217,7 +216,7 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply, bool nodelay; i_assert(!client->destroyed || - reply == SASL_SERVER_REPLY_CLIENT_ERROR || + reply == SASL_SERVER_REPLY_AUTH_ABORTED || reply == SASL_SERVER_REPLY_MASTER_FAILED); switch (reply) { @@ -230,14 +229,18 @@ static void sasl_callback(struct client *_client, enum sasl_server_reply reply, client_destroy_success(client, "Login"); break; case SASL_SERVER_REPLY_AUTH_FAILED: - case SASL_SERVER_REPLY_CLIENT_ERROR: + case SASL_SERVER_REPLY_AUTH_ABORTED: if (args != NULL) { if (client_handle_args(client, args, FALSE, &nodelay)) break; } - msg = t_strconcat("-ERR ", data != NULL ? - data : AUTH_FAILED_MSG, NULL); + if (reply == SASL_SERVER_REPLY_AUTH_ABORTED) + msg = "-ERR Authentication aborted by client."; + else if (data == NULL) + msg = "-ERR "AUTH_FAILED_MSG; + else + msg = t_strconcat("-ERR ", data, NULL); client_send_line(client, msg); if (!client->destroyed) diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c index 30e26ca39e..5c1922b1d4 100644 --- a/src/pop3-login/client.c +++ b/src/pop3-login/client.c @@ -384,7 +384,7 @@ void client_destroy(struct pop3_client *client, const char *reason) client->common.master_tag); } else if (client->common.auth_request != NULL) { i_assert(client->common.authenticating); - sasl_server_auth_client_error(&client->common, NULL); + sasl_server_auth_abort(&client->common); } else { i_assert(!client->common.authenticating); }