[dovecot-cvs] dovecot/src/pop3-login client-authenticate.c, 1.50, 1.51

cras at dovecot.org cras at dovecot.org
Mon Jun 5 23:25:42 EEST 2006 

Update of /var/lib/cvs/dovecot/src/pop3-login
In directory talvi:/tmp/cvs-serv13054/pop3-login

Modified Files:
	client-authenticate.c 
Log Message:
IMAP: Reply with tagged BAD if authentication is aborted because client sent
"*" or something else that was a client error.

If authentication failed for any reason, the error message was always
"Authentication failed". In case of client errors or if auth process gave
an error message, it should have been that instead.



Index: client-authenticate.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/pop3-login/client-authenticate.c,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -d -r1.50 -r1.51
--- client-authenticate.c	9 May 2006 20:47:54 -0000	1.50
+++ client-authenticate.c	5 Jun 2006 20:25:40 -0000	1.51
@@ -70,16 +70,17 @@
 		return;
 
 	if (strcmp(line, "*") == 0) {
-		sasl_server_auth_cancel(&client->common,
-					"Authentication aborted");
+		sasl_server_auth_client_error(&client->common,
+					      "Authentication aborted");
 		return;
 	}
 
 	if (client->common.auth_request == NULL) {
-		sasl_server_auth_cancel(&client->common,
-					"Don't send unrequested data");
+		sasl_server_auth_client_error(&client->common,
+					      "Don't send unrequested data");
 	} else {
 		auth_client_request_continue(client->common.auth_request, line);
+		client->common.auth_request = NULL;
 	}
 
 	/* clear sensitive data */
@@ -152,6 +153,7 @@
 {
 	struct pop3_client *client = (struct pop3_client *)_client;
 	struct const_iovec iov[3];
+	const char *msg;
 	size_t data_len;
 
 	switch (reply) {
@@ -165,12 +167,15 @@
 		client_destroy(client, "Login");
 		break;
 	case SASL_SERVER_REPLY_AUTH_FAILED:
+	case SASL_SERVER_REPLY_CLIENT_ERROR:
 		if (args != NULL) {
 			if (client_handle_args(client, args, TRUE))
 				break;
 		}
 
-		client_send_line(client, "-ERR "AUTH_FAILED_MSG);
+		msg = t_strconcat("-ERR ", data != NULL ?
+				  data : AUTH_FAILED_MSG, NULL);
+		client_send_line(client, msg);
 
 		/* get back to normal client input. */
 		if (client->io != NULL)

More information about the dovecot-cvs mailing list