Mercurial > dovecot > original-hg > dovecot-1.2

changeset 9218:754234248510 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
login processes: Auth code cleanups. Custom IMAP auth errors now have [ALERT] prefix. This should make them visible in more clients.
author Timo Sirainen <tss@iki.fi>
date Thu, 09 Jul 2009 20:49:34 -0400
parents dd49cf3fd2c9
children a9f719f9a509
files src/imap-login/client-authenticate.c src/imap-login/client.c src/login-common/sasl-server.c src/login-common/sasl-server.h src/pop3-login/client-authenticate.c src/pop3-login/client.c
diffstat 6 files changed, 29 insertions(+), 24 deletions(-) [+]
line wrap: on
line diff
--- a/src/imap-login/client-authenticate.c	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/imap-login/client-authenticate.c	Thu Jul 09 20:49:34 2009 -0400
@@ -66,10 +66,9 @@
 	if (line == NULL)
 		return;
 
-	if (strcmp(line, "*") == 0) {
-		sasl_server_auth_client_error(&client->common,
-					      "Authentication aborted");
-	} else {
+	if (strcmp(line, "*") == 0)
+		sasl_server_auth_abort(&client->common);
+	else {
 		client_set_auth_waiting(client);
 		auth_client_request_continue(client->common.auth_request, line);
 		io_remove(&client->io);
@@ -232,7 +231,7 @@
 		   allowed to log in. Shouldn't probably happen. */
 		reply = t_str_new(128);
 		if (reason != NULL)
-			str_printfa(reply, "NO %s", reason);
+			str_printfa(reply, "NO [ALERT] %s", reason);
 		else if (temp) {
 			str_append(reply, "NO ["IMAP_RESP_CODE_UNAVAILABLE"] "
 				   AUTH_TEMP_FAILED_MSG);
@@ -264,7 +263,7 @@
 	bool nodelay;
 
 	i_assert(!client->destroyed ||
-		 reply == SASL_SERVER_REPLY_CLIENT_ERROR ||
+		 reply == SASL_SERVER_REPLY_AUTH_ABORTED ||
 		 reply == SASL_SERVER_REPLY_MASTER_FAILED);
 
 	switch (reply) {
@@ -278,7 +277,7 @@
 		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
-	case SASL_SERVER_REPLY_CLIENT_ERROR:
+	case SASL_SERVER_REPLY_AUTH_ABORTED:
 		if (client->to_auth_waiting != NULL)
 			timeout_remove(&client->to_auth_waiting);
 		if (args != NULL) {
@@ -286,9 +285,12 @@
 				break;
 		}
 
-		msg = reply == SASL_SERVER_REPLY_AUTH_FAILED ? "NO " : "BAD ";
-		msg = t_strconcat(msg, data != NULL ? data :
-				  IMAP_AUTH_FAILED_MSG, NULL);
+		if (reply == SASL_SERVER_REPLY_AUTH_ABORTED)
+			msg = "BAD Authentication aborted by client.";
+		else if (data == NULL)
+			msg = "NO "IMAP_AUTH_FAILED_MSG;
+		else
+			msg = t_strconcat("NO [ALERT] ", data, NULL);
 		client_send_tagline(client, msg);
 
 		if (!client->destroyed)
--- a/src/imap-login/client.c	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/imap-login/client.c	Thu Jul 09 20:49:34 2009 -0400
@@ -567,7 +567,7 @@
 		master_request_abort(&client->common);
 	} else if (client->common.auth_request != NULL) {
 		i_assert(client->common.authenticating);
-		sasl_server_auth_client_error(&client->common, NULL);
+		sasl_server_auth_abort(&client->common);
 	} else {
 		i_assert(!client->common.authenticating);
 	}
--- a/src/login-common/sasl-server.c	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/login-common/sasl-server.c	Thu Jul 09 20:49:34 2009 -0400
@@ -204,7 +204,7 @@
 	sasl_server_auth_cancel(client, reason, SASL_SERVER_REPLY_AUTH_FAILED);
 }
 
-void sasl_server_auth_client_error(struct client *client, const char *reason)
+void sasl_server_auth_abort(struct client *client)
 {
-	sasl_server_auth_cancel(client, reason, SASL_SERVER_REPLY_CLIENT_ERROR);
+	sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED);
 }
--- a/src/login-common/sasl-server.h	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/login-common/sasl-server.h	Thu Jul 09 20:49:34 2009 -0400
@@ -4,7 +4,7 @@
 enum sasl_server_reply {
 	SASL_SERVER_REPLY_SUCCESS,
 	SASL_SERVER_REPLY_AUTH_FAILED,
-	SASL_SERVER_REPLY_CLIENT_ERROR,
+	SASL_SERVER_REPLY_AUTH_ABORTED,
 	SASL_SERVER_REPLY_MASTER_FAILED,
 	SASL_SERVER_REPLY_CONTINUE
 };
@@ -18,6 +18,6 @@
 			    const char *initial_resp_base64,
 			    sasl_server_callback_t *callback);
 void sasl_server_auth_failed(struct client *client, const char *reason);
-void sasl_server_auth_client_error(struct client *client, const char *reason);
+void sasl_server_auth_abort(struct client *client);
 
 #endif
--- a/src/pop3-login/client-authenticate.c	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/pop3-login/client-authenticate.c	Thu Jul 09 20:49:34 2009 -0400
@@ -71,10 +71,9 @@
 	if (line == NULL)
 		return;
 
-	if (strcmp(line, "*") == 0) {
-		sasl_server_auth_client_error(&client->common,
-					      "Authentication aborted");
-	} else {
+	if (strcmp(line, "*") == 0)
+		sasl_server_auth_abort(&client->common);
+	else {
 		auth_client_request_continue(client->common.auth_request, line);
 		io_remove(&client->io);
 
@@ -225,7 +224,7 @@
 	bool nodelay;
 
 	i_assert(!client->destroyed ||
-		 reply == SASL_SERVER_REPLY_CLIENT_ERROR ||
+		 reply == SASL_SERVER_REPLY_AUTH_ABORTED ||
 		 reply == SASL_SERVER_REPLY_MASTER_FAILED);
 
 	switch (reply) {
@@ -238,14 +237,18 @@
 		client_destroy_success(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
-	case SASL_SERVER_REPLY_CLIENT_ERROR:
+	case SASL_SERVER_REPLY_AUTH_ABORTED:
 		if (args != NULL) {
 			if (client_handle_args(client, args, FALSE, &nodelay))
 				break;
 		}
 
-		msg = t_strconcat("-ERR ", data != NULL ?
-				  data : AUTH_FAILED_MSG, NULL);
+		if (reply == SASL_SERVER_REPLY_AUTH_ABORTED)
+			msg = "-ERR Authentication aborted by client.";
+		else if (data == NULL)
+			msg = "-ERR "AUTH_FAILED_MSG;
+		else
+			msg = t_strconcat("-ERR ", data, NULL);
 		client_send_line(client, msg);
 
 		if (!client->destroyed)
--- a/src/pop3-login/client.c	Thu Jul 09 19:15:59 2009 -0400
+++ b/src/pop3-login/client.c	Thu Jul 09 20:49:34 2009 -0400
@@ -370,7 +370,7 @@
 		master_request_abort(&client->common);
 	} else if (client->common.auth_request != NULL) {
 		i_assert(client->common.authenticating);
-		sasl_server_auth_client_error(&client->common, NULL);
+		sasl_server_auth_abort(&client->common);
 	} else {
 		i_assert(!client->common.authenticating);
 	}