Fix SASL auth error conditions

diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl
index e8f0488f2de33c94970f1a6265ac842d8a664037..a447d53151b4dca65b2cd64a82a15194c73e9e28 100644 (file)
--- a/src/cyrsasl_digest.erl
+++ b/src/cyrsasl_digest.erl
@@ -91,7 +91,7 @@ mech_step(#state{step = 1, nonce = Nonce} = State, _) ->
 mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) ->
     case parse(ClientIn) of
        bad ->
-           {error, 'bad-protocol'};
+           {error, 'malformed-request'};
        KeyVals ->
            DigestURI = proplists:get_value("digest-uri", KeyVals, ""),
            UserName = proplists:get_value("username", KeyVals, ""),
@@ -136,7 +136,7 @@ mech_step(#state{step = 5,
          {auth_module, AuthModule}]};
 mech_step(A, B) ->
     ?DEBUG("SASL DIGEST: A ~p B ~p", [A,B]),
-    {error, 'bad-protocol'}.
+    {error, 'malformed-request'}.
 
 %% @spec (S) -> [{Key, Value}] | bad
 %%     S = string()

diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl
index 4d5176dc08d97a22078c4f1a8f82838f7297f912..723861774369378d38ff6c7aa693d40d29c3359d 100644 (file)
--- a/src/cyrsasl_plain.erl
+++ b/src/cyrsasl_plain.erl
@@ -77,7 +77,7 @@ mech_step(State, ClientIn) ->
                    {error, 'not-authorized', "", User}
            end;
        _ ->
-           {error, 'bad-protocol'}
+           {error, 'malformed-request'}
     end.
 
 prepare(ClientIn) ->

diff --git a/src/cyrsasl_scram.erl b/src/cyrsasl_scram.erl
index 87d19a544379b3602dfef7451a8e315c20ff8ac9..d1c218be146aef41cd1f671676750c3c6819bb82 100644 (file)
--- a/src/cyrsasl_scram.erl
+++ b/src/cyrsasl_scram.erl
@@ -61,7 +61,7 @@ mech_step(#state{step = 2} = State, ClientIn) ->
                {_, EscapedUserName} ->
                        case unescape_username(EscapedUserName) of
                        error ->
-                               {error, 'protocol-error-bad-username'};
+                               {error, 'malformed-request', "Error in username encoding", EscapedUserName};
                        UserName ->
                                case parse_attribute(ClientNonceAttribute) of
                                {$r, ClientNonce} ->
@@ -90,12 +90,12 @@ mech_step(#state{step = 2} = State, ClientIn) ->
                                                                         client_nonce = ClientNonce, server_nonce = ServerNonce, username = UserName}}
                                        end;
                                _Else ->
-                                       {error, 'not-supported'}
+                                       {error, 'malformed-request'}
                                end
                        end
                end;
        _Else ->
-           {error, 'bad-protocol'}
+           {error, 'malformed-request'}
        end;
 mech_step(#state{step = 4} = State, ClientIn) ->
        case string:tokens(ClientIn, ",") of
@@ -118,21 +118,21 @@ mech_step(#state{step = 4} = State, ClientIn) ->
                                                ServerSignature = scram:server_signature(State#state.server_key, AuthMessage),
                                                {ok, [{username, State#state.username}], "v=" ++ base64:encode_to_string(ServerSignature)};
                                        true ->
-                                               {error, 'bad-auth'}
+                                               {error, 'not-authorized', "", State#state.username}
                                        end;
                                _Else ->
-                                       {error, 'bad-protocol'}
+                                       {error, 'malformed-request', "Bad protocol", State#state.username}
                                end;
                        {$r, _} ->
-                               {error, 'bad-nonce'};
+                               {error, 'malformed-request', "Bad nonce", State#state.username};
                        _Else ->
-                               {error, 'bad-protocol'}
+                               {error, 'malformed-request', "Bad protocol", State#state.username}
                        end;
                _Else ->
-                       {error, 'bad-protocol'}
+                       {error, 'malformed-request', "Bad protocol", State#state.username}
                end;
        _Else ->
-               {error, 'bad-protocol'}
+               {error, 'malformed-request', "Bad protocol", State#state.username}
        end.
 
 parse_attribute(Attribute) ->
@@ -147,13 +147,13 @@ parse_attribute(Attribute) ->
                                        String = string:substr(Attribute, 3),
                                        {lists:nth(1, Attribute), String};
                                true ->
-                                       {error, 'bad-format second char not equal sign'}
+                                       {error, 'malformed-request', "Second char not equal sign", ""}
                                end;
                        _Else ->
-                               {error, 'bad-format first char not a letter'}
+                               {error, 'malformed-request', "First char not a letter", ""}
                end;
        true -> 
-               {error, 'bad-format attribute too short'}
+               {error, 'malformed-request', "Attribute too short", ""}
        end.
 
 unescape_username("") ->