From f8c76ac1e80f69244c069b08ef40114cbade30ec Mon Sep 17 00:00:00 2001
From: Emmanuel Gil Peyrot <emmanuel.peyrot@collabora.com>
Date: Sat, 1 Apr 2017 14:36:55 +0100
Subject: [PATCH 1/2] =?UTF-8?q?respect=20rfc6120=20=C2=A76.5=20properly=20?=
 =?UTF-8?q?in=20sasl=5Ferror?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Any unknown condition should be considered as a <not-authorized/> one.
---
 src/components/sasl_error.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/components/sasl_error.rs b/src/components/sasl_error.rs
index bf59cb48..4e943cf5 100644
--- a/src/components/sasl_error.rs
+++ b/src/components/sasl_error.rs
@@ -70,6 +70,16 @@ impl FromElement for SaslError {
         else if element.has_child("temporary-auth-failure", ns::SASL) {
             err.condition = Condition::TemporaryAuthFailure;
         }
+        else {
+            /* RFC 6120 section 6.5:
+             *
+             * However, because additional error conditions might be defined in
+             * the future, if an entity receives a SASL error condition that it
+             * does not understand then it MUST treat the unknown condition as
+             * a generic authentication failure, i.e., as equivalent to
+             * <not-authorized/> (Section 6.5.10). */
+            err.condition = Condition::NotAuthorized;
+        }
         Ok(err)
     }
 }

From 6c15618df7578f2f5ce13cb13a26be2ae89cd01d Mon Sep 17 00:00:00 2001
From: Emmanuel Gil Peyrot <emmanuel.peyrot@collabora.com>
Date: Sat, 1 Apr 2017 14:37:43 +0100
Subject: [PATCH 2/2] remove extraneous text option in sasl_error

---
 src/components/sasl_error.rs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/components/sasl_error.rs b/src/components/sasl_error.rs
index 4e943cf5..0fc011e6 100644
--- a/src/components/sasl_error.rs
+++ b/src/components/sasl_error.rs
@@ -5,7 +5,7 @@ use util::FromElement;
 #[derive(Clone, Debug)]
 pub enum Condition {
     Aborted,
-    AccountDisabled(Option<String>),
+    AccountDisabled,
     CredentialsExpired,
     EncryptionRequired,
     IncorrectEncoding,
@@ -42,9 +42,8 @@ impl FromElement for SaslError {
         if element.has_child("aborted", ns::SASL) {
             err.condition = Condition::Aborted;
         }
-        else if let Some(account_disabled) = element.get_child("account-disabled", ns::SASL) {
-            let text = account_disabled.text();
-            err.condition = Condition::AccountDisabled(if text == "" { None } else { Some(text) });
+        else if element.has_child("account-disabled", ns::SASL) {
+            err.condition = Condition::AccountDisabled;
         }
         else if element.has_child("credentials-expired", ns::SASL) {
             err.condition = Condition::CredentialsExpired;