From a8ea6ba381e79e4198338f5721bbaa3679da5cb9 Mon Sep 17 00:00:00 2001
From: manuel
Date: Thu, 28 Nov 2024 13:16:06 +0100
Subject: smtp: add support for auth fail reason passed from dovecot auth
---
 qmail-smtpd.c | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index d0395fc..1c26031 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -211,6 +211,9 @@ int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1;
 int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; }
 int err_wantstarttls() { out("530 Must issue a STARTTLS command first (#5.7.0)\r\n"); return -1; };
 void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); do_hard_errors(); }
+void err_authfail_reason(char *r) { out("535 "); out(r); out(" (#5.7.1)\r\n"); do_hard_errors(); }
+void err_authfail_disabled() { out("535 login disabled for this user (#5.7.1)\r\n"); do_hard_errors(); }
+void err_authfail_temp() { out("454 temporary failure (#4.3.0)\r\n"); do_hard_errors(); }
 void err_nomailbox() { out("554 sorry, no mailbox here by that name (#5.1.1)\r\n"); do_hard_errors(); }
 void err_maxrcpt() { out("450 too many recipients (#4.7.1)\r\n"); do_hard_errors(); }
@@ -1054,7 +1057,7 @@ int authenticate(void)
 int pi[2];
 int piauth[2], i, len;
 char *arg;
- static stralloc authout = {0}, authparams = {0};
+ static stralloc authout = {0}, authparams = {0}, authreason = {0};
 if (!stralloc_0(&user)) die_nomem();
 if (!stralloc_0(&pass)) die_nomem();
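Review bot: `err_authfail_reason()` in the first hunk writes the helper-supplied string into the 535 reply unfiltered, so a reason containing CR or LF would split the SMTP response, and whatever text the auth backend produces is shown to a client that has not authenticated. Restrict the text to printable ASCII and cap its length before `out(r)`, and consider logging the detailed reason server-side while keeping the client-facing wording generic. Separately, `err_authfail_temp()` calls `do_hard_errors()` for a 4xx reply; if that helper counts toward a disconnect threshold, backend outages would be charged to legitimate clients, so confirm that is intended. In the sketch below the bound of 128 is a constructed sample value, to be chosen so the whole reply stays within the SMTP line limit.

```c
void err_authfail_reason(char *r)
{
  unsigned int i;
  /* reply text comes from the auth helper: keep it on one line and bounded */
  for (i = 0; r[i] && i < 128; ++i)
    if (r[i] < 32 || r[i] > 126) r[i] = '?';
  r[i] = 0;
  out("535 "); out(r); out(" (#5.7.1)\r\n");
  do_hard_errors();
}
```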
@@ -1105,12 +1108,17 @@ int authenticate(void)
 len = authout.len;
 arg = authout.s;
 if (!stralloc_copys(&authparams, "")) die_nomem();
+ if (!stralloc_copys(&authreason, "")) die_nomem();
 while (len) {
 if (*arg == '\0') {
 if (case_starts(authparams.s, "USER=") && (authparams.len - 5) > 0) {
 if (!stralloc_copyb(&user, authparams.s + 5, authparams.len - 5)) die_nomem();
 if (!stralloc_0(&user)) die_nomem();
 }
+ else if (case_starts(authparams.s, "REASON=") && (authparams.len - 7) > 0) {
+ if (!stralloc_copyb(&authreason, authparams.s + 7, authparams.len - 7)) die_nomem();
+ if (!stralloc_0(&authreason)) die_nomem();
+ }
 if (!stralloc_copys(&authparams, "")) die_nomem();
 }
 else
@@ -1128,7 +1136,20 @@ int authenticate(void)
 byte_zero(ssauth2buf,sizeof ssauth2buf);
 if (wait_pid(&wstat,child) == -1) return err_child();
 if (wait_crashed(wstat)) return err_child();
- if (wait_exitcode(wstat)) { sleep(AUTHSLEEP); return 1; } /* no */
+ if (wait_exitcode(wstat)) {
+ sleep(AUTHSLEEP);
+ if (authreason.len > 0) { err_authfail_reason(authreason.s); return -1; }
+ switch(wait_exitcode(wstat))
+ {
+ case 110: /* login disabled */
+ err_authfail_disabled();
+ return -1;
+ case 111: /* temp fail */
+ err_authfail_temp();
+ return -1;
+ }
+ return 1; /* invalid login */
+ }
 return 0; /* yes */
 }
@@ -1234,12 +1255,12 @@ struct authcmd {
 char *text;
 int (*fun)();
 } authcmds[] = {
- { "login",auth_login }
-, { "plain",auth_plain }
+ { "login", auth_login },
+ { "plain", auth_plain },
 #ifdef CRAM_MD5
-, { "cram-md5",auth_cram }
+ { "cram-md5", auth_cram },
 #endif
-, { 0,err_noauth }
+ { 0, err_noauth },
 };
 void smtp_auth(arg)
-- cgit v1.2.3
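Review bot: In the new `REASON=` branch, `(authparams.len - 7) > 0` is not a real length check if stralloc's `len` is unsigned, as it is in stock qmail: the subtraction wraps for any length below 7, so the test is true for every length except exactly 7 and the branch relies entirely on `case_starts()` failing first. Writing `authparams.len > 7` states the intent directly; the existing `USER=` test just above has the same form and would benefit from the same change. The value is also stored with no limit on its length or content, so any filtering has to happen either here or where the text is sent to the client. authenticate() starts and ends outside this hunk.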
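Review bot: In the non-zero-exit branch of authenticate(), the `authreason.len > 0` test runs before the exit-code switch, so a helper that exits 111 and also supplies a reason gets a permanent `535` instead of the `454` temporary failure. Checking the temporary code first keeps transient backend errors retryable: `if (wait_exitcode(wstat) == 111) { err_authfail_temp(); return -1; }` ahead of the reason test. The distinct "login disabled" reply, like any backend reason, also lets an unauthenticated client tell a disabled account from a wrong password unless the helper only exits 110 after verifying the password, which is worth confirming. The bare 110 and 111 would read better as named constants, and the switch has no `default`. authenticate() starts outside this hunk.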