Hi all,

currently, when the authentication to a server fails, and if the user decided to remember the password, the password is kept, and the next authentication attempt will again fail.

Attached is a patch which fixes this behaviour by clearing the respective password for the following conditions:
- SMTP: when the server replies with a 534 (Authentication mechanism is too weak) or 535 (Authentication credentials invalid) status code (see RFC 4954, Sect. 6)
- POP3: when any error occurs during the authentication phase, as POP3 has no standardised codes indicating the status as for SMTP
- user certificate private key: when the key decryption fails

Please note that this patch goes on top of the following pending patches:
* “password dialogue improvements”, submitted on November 4th
* “Fix broken IMAP special folders & other migration issues”, submitted on November 5th

As always, any comment is welcome!

Cheers,
Albrecht.

---
Patch details:
- libbalsa/mailbox_pop3.c, libbalsa/send.c: clear appropriate password when libnetclient reports an authentication failure (SMTP, POP), or could not decrypt a user certificate's private key
- libnetclient/net-client-pop.[ch]: report auth failure if the server reports any error in the authentication phase (AUTH, APOP, USER/PASS); fix nagging by Flexelint
- libnetclient/net-client-smtp.[ch]: report auth failure if the server replies with status codes 534 or 535; fix nagging by Flexelint
- libnetclient/net-client.[ch]: report a certificate key decryption error if the passphrase is wrong
Attachment:
clear_password_on_authfail.diff.bz2
Description: application/bzip
Attachment:
pgpr_3dmEJf74.pgp
Description: PGP signature
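
The SMTP and POP3 conditions listed in the message above, sketched as an added example. This is not code from the attached patch or from Balsa/libnetclient; all function names are hypothetical and the sample replies in main() are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Status code of the final line of a (possibly multi-line) SMTP reply, or -1
 * if malformed.  Continuation lines are "NNN-...", the final line is "NNN ". */
static int smtp_final_code(const char *reply)
{
    const char *line = reply;

    while (line != NULL && *line != '\0') {
        if (!isdigit((unsigned char) line[0]) ||
            !isdigit((unsigned char) line[1]) ||
            !isdigit((unsigned char) line[2]))
            return -1;
        if (line[3] != '-') {                    /* final line reached */
            if (line[3] != ' ' && line[3] != '\r' &&
                line[3] != '\n' && line[3] != '\0')
                return -1;
            return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        }
        line = strchr(line, '\n');               /* skip continuation line */
        if (line != NULL)
            line++;
    }
    return -1;                                   /* reply ended without a final line */
}

/* SMTP: only 534 and 535 say the stored credentials are unusable; a 454
 * (temporary authentication failure) or a malformed reply keeps the password. */
bool smtp_should_clear_password(const char *auth_reply)
{
    int code = smtp_final_code(auth_reply);
    return code == 534 || code == 535;
}

/* POP3: no standardised status codes, so any -ERR reply received during the
 * authentication phase (AUTH, APOP, USER/PASS) counts as an auth failure. */
bool pop3_should_clear_password(const char *auth_reply)
{
    return strncmp(auth_reply, "-ERR", 4) == 0;
}

int main(void)
{
    /* Constructed sample replies, not captured from a real server. */
    printf("%d\n", smtp_should_clear_password("535 5.7.8 Authentication credentials invalid\r\n"));
    printf("%d\n", smtp_should_clear_password("454 4.7.0 Temporary authentication failure\r\n"));
    printf("%d\n", pop3_should_clear_password("-ERR authentication failed\r\n"));
    return 0;
}
```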