annotate libpurple/protocols/jabber/auth_cyrus.c @ 30852:9789e8e7d834

jabber: Document this not being an off-by-one...
author Paul Aurich <paul@darkrain42.org>
date Thu, 19 Aug 2010 19:55:31 +0000
parents c8cf189bf6db
children 1cdae196aac8
1 /*
2 * purple - Jabber Protocol Plugin
3 *
4 * Purple is the legal property of its developers, whose names are too numerous
5 * to list here. Please refer to the COPYRIGHT file distributed with this
6 * source distribution.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
21 *
22 */
23 #include "internal.h"
24 #include "core.h"
25 #include "debug.h"
26 #include "request.h"
28 #include "auth.h"
29 #include "jabber.h"
/*
 * Forward declarations.  jabber_auth_start_cyrus() is called by
 * start_cyrus_wrapper() before its definition further down;
 * jabber_sasl_build_callbacks() is called by auth_pass_cb() (its definition
 * is not part of this excerpt).
 */
static JabberSaslState
jabber_auth_start_cyrus(JabberStream *js, xmlnode **reply, char **error);

static void
jabber_sasl_build_callbacks(JabberStream *);
/*
 * Report an encryption error on the account's connection.  The message tells
 * the user that the server may require plaintext authentication over an
 * unencrypted stream.
 * NOTE(review): presumably the "refuse" side of a plaintext-auth confirmation
 * prompt; the prompt itself is outside this excerpt.
 */
static void disallow_plaintext_auth(PurpleAccount *account)
{
	PurpleConnection *gc = purple_account_get_connection(account);

	purple_connection_error_reason(gc,
		PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
		_("Server may require plaintext authentication over an unencrypted stream"));
}
/*
 * Run jabber_auth_start_cyrus() and act on its outcome: on
 * JABBER_SASL_STATE_FAIL the connection is failed with the returned error
 * text; otherwise any reply stanza it produced is sent to the server.
 *
 * Both out-values start as NULL so that whichever one the callee leaves
 * untouched can be tested safely afterwards.
 * NOTE(review): only `errmsg` is released on failure and only `reply` on the
 * other path; this relies on the callee never filling in both - confirm
 * against jabber_auth_start_cyrus().
 */
static void start_cyrus_wrapper(JabberStream *js)
{
	xmlnode *reply = NULL;
	char *errmsg = NULL;

	if (jabber_auth_start_cyrus(js, &reply, &errmsg) == JABBER_SASL_STATE_FAIL) {
		purple_connection_error_reason(js->gc,
			PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE,
			errmsg);
		g_free(errmsg);
		return;
	}

	if (reply) {
		jabber_send(js, reply);
		xmlnode_free(reply);
	}
}
60 /* Callbacks for Cyrus SASL */
/*
 * Cyrus SASL realm callback: answers SASL_CB_GETREALM with the domain part of
 * the account's JID.
 *
 * ctx    - the JabberStream this callback serves
 * id     - callback id; anything but SASL_CB_GETREALM is rejected
 * avail  - unused here
 * result - receives js->user->domain; the string stays owned by the stream
 *
 * Returns SASL_OK, or SASL_BADPARAM for a wrong id or a NULL result pointer.
 * NOTE(review): ctx, js->user and the domain are not checked for NULL.
 */
static int jabber_sasl_cb_realm(void *ctx, int id, const char **avail, const char **result)
{
	JabberStream *js = ctx;

	if (id == SASL_CB_GETREALM && result) {
		*result = js->user->domain;
		return SASL_OK;
	}

	return SASL_BADPARAM;
}
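/*
 * Cyrus SASL "simple" callback: supplies the identity strings for the stream
 * passed as ctx.
 *
 *   SASL_CB_AUTHNAME -> the node part of the account's JID (js->user->node)
 *   SASL_CB_USER     -> the empty string
 *
 * ctx - the JabberStream this callback serves
 * id  - which value is being requested
 * res - receives the string; it is not copied and stays owned by the stream
 *       (or is a string literal)
 * len - optional; when non-NULL receives strlen(*res)
 *
 * Returns SASL_OK on success, SASL_BADPARAM for an unknown id or a NULL
 * ctx/res, and SASL_FAIL when the JID has no node to offer.
 */
static int jabber_sasl_cb_simple(void *ctx, int id, const char **res, unsigned *len)
{
	JabberStream *js = ctx;

	/* Same NULL-out-pointer guard as jabber_sasl_cb_realm(). */
	if (!js || !res)
		return SASL_BADPARAM;

	switch (id) {
		case SASL_CB_AUTHNAME:
			/*
			 * A missing node would otherwise reach strlen() below as
			 * NULL.  NOTE(review): whether js->user->node can be NULL
			 * at this point is not visible here; treated as a failure.
			 */
			if (!js->user || !js->user->node)
				return SASL_FAIL;
			*res = js->user->node;
			break;
		case SASL_CB_USER:
			*res = "";
			break;
		default:
			return SASL_BADPARAM;
	}

	if (len)
		*len = (unsigned)strlen(*res);

	return SASL_OK;
}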
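/*
 * Cyrus SASL secret callback: hands the account password to the library as a
 * sasl_secret_t.
 *
 * conn   - SASL connection; must be non-NULL
 * ctx    - the JabberStream this callback serves
 * id     - must be SASL_CB_PASS
 * secret - receives a pointer to the secret
 *
 * The secret lives in a single function-static buffer that is reused (and
 * resized) on every call, so the pointer stored in *secret is only valid
 * until the next call and must not be freed by the caller.
 *
 * Returns SASL_OK, SASL_BADPARAM on bad arguments, SASL_FAIL when the account
 * has no password, or SASL_NOMEM when the buffer cannot be grown.
 *
 * NOTE(review): the cleartext password stays resident in this static buffer
 * for the life of the process, and realloc() may leave a stale copy behind in
 * freed memory when it moves the block; neither copy is ever wiped.
 */
static int jabber_sasl_cb_secret(sasl_conn_t *conn, void *ctx, int id, sasl_secret_t **secret)
{
	JabberStream *js = ctx;
	PurpleAccount *account;
	const char *pw;
	size_t len;
	sasl_secret_t *grown;
	static sasl_secret_t *x = NULL;

	/* Validate before touching js: the lookup below dereferences it. */
	if (!conn || !secret || !js || id != SASL_CB_PASS)
		return SASL_BADPARAM;

	account = purple_connection_get_account(js->gc);
	pw = purple_account_get_password(account);

	/*
	 * NOTE(review): presumably this callback is only installed once a
	 * password is known (see auth_pass_cb), but nothing here guarantees
	 * it, and strlen(NULL) is undefined behaviour.
	 */
	if (!pw)
		return SASL_FAIL;

	len = strlen(pw);

	/*
	 * Not an off-by-one: sasl_secret_t declares char data[1], so
	 * sizeof(sasl_secret_t) already has room for the terminating NUL.
	 *
	 * Grow through a temporary so that a failed realloc() neither leaks
	 * the previous buffer nor loses track of the password it holds.
	 */
	grown = realloc(x, sizeof(sasl_secret_t) + len);
	if (!grown)
		return SASL_NOMEM;
	x = grown;

	x->len = len;
	/* Length is already known; copy the password and its NUL in one go. */
	memcpy(x->data, pw, len + 1);

	*secret = x;
	return SASL_OK;
}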
/*
 * Record that plaintext authentication over an unencrypted stream is allowed
 * for this account, then restart the Cyrus SASL negotiation.
 *
 * The opt-in is written to the account setting "auth_plain_in_clear", which
 * jabber_auth_start_cyrus() reads back when the stream is not SSL.
 * NOTE(review): being an account setting, the opt-in presumably outlives this
 * connection attempt - confirm that is the intended scope of the consent.
 * NOTE(review): unlike auth_pass_cb(), the connection is not checked with
 * PURPLE_CONNECTION_IS_VALID() before it is used.
 */
static void allow_cyrus_plaintext_auth(PurpleAccount *account)
{
	PurpleConnection *gc = purple_account_get_connection(account);
	JabberStream *js = purple_connection_get_protocol_data(gc);

	/* Must be set before restarting: the negotiation consults this flag. */
	purple_account_set_bool(account, "auth_plain_in_clear", TRUE);

	start_cyrus_wrapper(js);
}
/*
 * "OK" handler of the password prompt: stores the entered password on the
 * account and restarts SASL negotiation with it.
 *
 * gc     - connection the prompt was raised for
 * fields - request fields; "password" (string) and "remember" (bool) are read
 *
 * An empty or missing password only raises an error notification; nothing is
 * stored and negotiation is not restarted.
 */
static void auth_pass_cb(PurpleConnection *gc, PurpleRequestFields *fields)
{
	PurpleAccount *account;
	JabberStream *js;
	const char *password;
	gboolean save_password;

	/*
	 * The prompt is not disposed when the account disconnects, so this
	 * handler can fire for a connection that no longer exists.
	 */
	if (!PURPLE_CONNECTION_IS_VALID(gc))
		return;

	account = purple_connection_get_account(gc);
	js = purple_connection_get_protocol_data(gc);

	password = purple_request_fields_get_string(fields, "password");
	save_password = purple_request_fields_get_bool(fields, "remember");

	if (password == NULL || *password == '\0') {
		purple_notify_error(account, NULL, _("Password is required to sign on."), NULL);
		return;
	}

	if (save_password) {
		purple_account_set_remember_password(account, TRUE);
	}

	purple_account_set_password(account, password);

	/* The callback table has to be rebuilt now that a password is available. */
	jabber_sasl_build_callbacks(js);

	/* Start the negotiation over with the new callbacks. */
	start_cyrus_wrapper(js);
}
/*
 * "Cancel" handler of the password prompt: the user declined to supply a
 * password, so the account is disabled for the current UI.
 *
 * gc     - connection the prompt was raised for
 * fields - unused
 */
static void
auth_no_pass_cb(PurpleConnection *gc, PurpleRequestFields *fields)
{
	PurpleAccount *account;
	JabberStream *js;

	/*
	 * The prompt is not disposed when the account disconnects, so only act
	 * while the connection is still valid.
	 */
	if (PURPLE_CONNECTION_IS_VALID(gc)) {
		account = purple_connection_get_account(gc);
		/* NOTE(review): js is fetched but never used in this function. */
		js = purple_connection_get_protocol_data(gc);

		/* The user canceled connecting: disable the account. */
		purple_account_set_enabled(account, purple_core_get_ui(), FALSE);
	}
}
184 static JabberSaslState
185 jabber_auth_start_cyrus(JabberStream *js, xmlnode **reply, char **error)
186 {
187 PurpleAccount *account;
188 const char *clientout = NULL;
189 char *enc_out;
190 unsigned coutlen = 0;
191 sasl_security_properties_t secprops;
192 gboolean again;
193 gboolean plaintext = TRUE;
195 /* Set up security properties and options */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
196 secprops.min_ssf = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
197 secprops.security_flags = SASL_SEC_NOANONYMOUS;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
198
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
199 account = purple_connection_get_account(js->gc);
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
200
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
201 if (!jabber_stream_is_ssl(js)) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
202 secprops.max_ssf = -1;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
203 secprops.maxbufsize = 4096;
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
204 plaintext = purple_account_get_bool(account, "auth_plain_in_clear", FALSE);
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
205 if (!plaintext)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
206 secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
207 } else {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
208 secprops.max_ssf = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
209 secprops.maxbufsize = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
210 plaintext = TRUE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
211 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
212 secprops.property_names = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
213 secprops.property_values = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
214
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
215 do {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
216 again = FALSE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
217
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
218 js->sasl_state = sasl_client_new("xmpp", js->serverFQDN, NULL, NULL, js->sasl_cb, 0, &js->sasl);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
219 if (js->sasl_state==SASL_OK) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
220 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
221 purple_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
222 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &js->current_mech);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
223 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
224 switch (js->sasl_state) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
225 /* Success */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
226 case SASL_OK:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
227 case SASL_CONTINUE:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
228 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
229 case SASL_NOMECH:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
230 /* No mechanisms have offered to help */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
231
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
232 /* Firstly, if we don't have a password try
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
233 * to get one
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
234 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
235
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
236 if (!purple_account_get_password(account)) {
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
237 purple_account_request_password(account, G_CALLBACK(auth_pass_cb), G_CALLBACK(auth_no_pass_cb), js->gc);
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
238 return JABBER_SASL_STATE_CONTINUE;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
239
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
240 /* If we've got a password, but aren't sending
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
241 * it in plaintext, see if we can turn on
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
242 * plaintext auth
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
243 */
30681
c8cf189bf6db jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is)
Paul Aurich <paul@darkrain42.org>
parents: 30605
diff changeset
244 /* XXX Should we just check for PLAIN/LOGIN being offered mechanisms? */
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
245 } else if (!plaintext) {
30681
c8cf189bf6db jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is)
Paul Aurich <paul@darkrain42.org>
parents: 30605
diff changeset
246 char *msg = g_strdup_printf(_("%s may require plaintext authentication over an unencrypted connection. Allow this and continue authentication?"),
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
247 purple_account_get_username(account));
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
248 purple_request_yes_no(js->gc, _("Plaintext Authentication"),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
249 _("Plaintext Authentication"),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
250 msg,
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
251 1, account, NULL, NULL, account,
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
252 allow_cyrus_plaintext_auth,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
253 disallow_plaintext_auth);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
254 g_free(msg);
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
255 return JABBER_SASL_STATE_CONTINUE;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
256
30385
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
257 } else
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
258 js->auth_fail_count++;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
259
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
260 if (js->auth_fail_count == 1 &&
30604
e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents: 30603
diff changeset
261 (js->sasl_mechs->str && g_str_equal(js->sasl_mechs->str, "GSSAPI"))) {
30385
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
262 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
263 * for compatibility with iChat 10.5 Server and other jabberd based servers.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
264 *
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
265 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
266 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
267 *
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
268 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
269 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
270 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
271 * which would connect without issue otherwise. -evands
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
272 */
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
273 js->auth_mech = NULL;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
274 jabber_auth_start_old(js);
30429
1b1fee952341 jabber: trailing_whitespace--;
Paul Aurich <paul@darkrain42.org>
parents: 30411
diff changeset
275 return JABBER_SASL_STATE_CONTINUE;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
276 }
30287
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents: 30271
diff changeset
277
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
278 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
279
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
280 /* Fatal errors. Give up and go home */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
281 case SASL_BADPARAM:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
282 case SASL_NOMEM:
30288
a81d44a11d99 If SASL authentication fails, we generally shouldn't be setting an error
Evan Schoenberg <evan.s@dreskin.net>
parents: 30287
diff changeset
283 *error = g_strdup(_("SASL authentication failed"));
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
284 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
285
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
286 /* For everything else, fail the mechanism and try again */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
287 default:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
288 purple_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
289
30385
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
290 js->auth_fail_count++;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
291
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
292 /*
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
293 * DAA: is this right?
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
294 * The manpage says that "mech" will contain the chosen mechanism on success.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
295 * Presumably, if we get here that isn't the case and we shouldn't try again?
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
296 * I suspect that this never happens.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
297 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
298 /*
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
299 * SXW: Yes, this is right. What this handles is the situation where a
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
300 * mechanism, say GSSAPI, is tried. If that mechanism fails, it may be
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
301 * due to mechanism specific issues, so we want to try one of the other
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
302 * supported mechanisms. This code handles that case
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
303 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
304 if (js->current_mech && *js->current_mech) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
305 char *pos;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
306 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
307 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech));
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
308 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
309 /* Remove space which separated this mech from the next */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
310 if ((js->sasl_mechs->str)[0] == ' ') {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
311 g_string_erase(js->sasl_mechs, 0, 1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
312 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
313 again = TRUE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
314 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
315
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
316 sasl_dispose(&js->sasl);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
317 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
318 } while (again);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
319
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
320 if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) {
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
321 xmlnode *auth = xmlnode_new("auth");
29097
cea22db36ffc jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents: 29084
diff changeset
322 xmlnode_set_namespace(auth, NS_XMPP_SASL);
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
323 xmlnode_set_attrib(auth, "mechanism", js->current_mech);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
324
30271
a54e59c1c520 jabber: Only add the ga:client-uses-full-bind-result to gmail/googlemail domains
Paul Aurich <paul@darkrain42.org>
parents: 30079
diff changeset
325 if (g_str_equal(js->user->domain, "gmail.com") ||
a54e59c1c520 jabber: Only add the ga:client-uses-full-bind-result to gmail/googlemail domains
Paul Aurich <paul@darkrain42.org>
parents: 30079
diff changeset
326 g_str_equal(js->user->domain, "googlemail.com")) {
a54e59c1c520 jabber: Only add the ga:client-uses-full-bind-result to gmail/googlemail domains
Paul Aurich <paul@darkrain42.org>
parents: 30079
diff changeset
327 xmlnode_set_attrib(auth, "xmlns:ga", "http://www.google.com/talk/protocol/auth");
a54e59c1c520 jabber: Only add the ga:client-uses-full-bind-result to gmail/googlemail domains
Paul Aurich <paul@darkrain42.org>
parents: 30079
diff changeset
328 xmlnode_set_attrib(auth, "ga:client-uses-full-bind-result", "true");
a54e59c1c520 jabber: Only add the ga:client-uses-full-bind-result to gmail/googlemail domains
Paul Aurich <paul@darkrain42.org>
parents: 30079
diff changeset
329 }
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
330
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
331 if (clientout) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
332 if (coutlen == 0) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
333 xmlnode_insert_data(auth, "=", -1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
334 } else {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
335 enc_out = purple_base64_encode((unsigned char*)clientout, coutlen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
336 xmlnode_insert_data(auth, enc_out, -1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
337 g_free(enc_out);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
338 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
339 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
340
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
341 *reply = auth;
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
342 return JABBER_SASL_STATE_CONTINUE;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
343 } else {
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
344 return JABBER_SASL_STATE_FAIL;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
345 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
346 }
/*
 * Log callback handed to Cyrus SASL: forwards library messages to the purple
 * debug log under the "sasl" category.
 *
 * context  Unused.
 * level    Cyrus log level of the message.
 * message  Text supplied by the library.
 *
 * Always returns SASL_OK.
 */
static int
jabber_sasl_cb_log(void *context, int level, const char *message)
{
	/*
	 * Levels above SASL_LOG_TRACE are dropped. NOTE(review): in Cyrus SASL
	 * the next level up is SASL_LOG_PASS, whose traces may include
	 * passwords, so this bound should not be raised -- confirm against
	 * sasl.h.
	 */
	if (level > SASL_LOG_TRACE)
		return SASL_OK;

	purple_debug_info("sasl", "%s\n", message);
	return SASL_OK;
}
357 static void
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
358 jabber_sasl_build_callbacks(JabberStream *js)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
359 {
29079
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents: 29078
diff changeset
360 PurpleAccount *account;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
361 int id;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
362
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
363 /* Set up our callbacks structure */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
364 if (js->sasl_cb == NULL)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
365 js->sasl_cb = g_new0(sasl_callback_t,6);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
366
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
367 id = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
368 js->sasl_cb[id].id = SASL_CB_GETREALM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
369 js->sasl_cb[id].proc = jabber_sasl_cb_realm;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
370 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
371 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
372
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
373 js->sasl_cb[id].id = SASL_CB_AUTHNAME;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
374 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
375 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
376 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
377
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
378 js->sasl_cb[id].id = SASL_CB_USER;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
379 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
380 js->sasl_cb[id].context = (void *)js;
381 id++;
382
383 account = purple_connection_get_account(js->gc);
384 if (purple_account_get_password(account) != NULL ) {
385 js->sasl_cb[id].id = SASL_CB_PASS;
386 js->sasl_cb[id].proc = jabber_sasl_cb_secret;
387 js->sasl_cb[id].context = (void *)js;
388 id++;
389 }
390
391 js->sasl_cb[id].id = SASL_CB_LOG;
392 js->sasl_cb[id].proc = jabber_sasl_cb_log;
393 js->sasl_cb[id].context = (void*)js;
394 id++;
395
396 js->sasl_cb[id].id = SASL_CB_LIST_END;
397 }
398
/*
 * Begin Cyrus SASL authentication using the mechanisms listed under the
 * given <mechanisms/> node.
 *
 * Every usable <mechanism/> child is collected into js->sasl_mechs as a
 * space-separated list, the SASL callbacks are (re)built and the actual
 * negotiation is delegated to jabber_auth_start_cyrus().
 *
 * The mechanism names are copied exactly as the peer sent them; the only
 * filtering done here is dropping empty entries and "EXTERNAL".
 *
 * js         stream being authenticated; js->sasl_mechs is replaced
 * mechanisms node whose "mechanism" children are enumerated
 * reply      passed through to jabber_auth_start_cyrus()
 * error      passed through; filled with a generic message when the
 *            negotiation failed without setting one
 *
 * Returns the state reported by jabber_auth_start_cyrus().
 */
static JabberSaslState
jabber_cyrus_start(JabberStream *js, xmlnode *mechanisms,
                   xmlnode **reply, char **error)
{
	JabberSaslState state;
	xmlnode *node;

	js->sasl_mechs = g_string_new("");

	node = xmlnode_get_child(mechanisms, "mechanism");
	while (node != NULL) {
		char *name = xmlnode_get_data(node);

		/*
		 * Blank entries carry no mechanism.  EXTERNAL is skipped because
		 * it is not supported here, and Cyrus SASL answers SASL_NOMECH for
		 * it when the caller has not configured it, which would be
		 * mistaken for "no concordant mechanisms".
		 */
		gboolean usable = name != NULL && *name != '\0' &&
		                  !g_str_equal(name, "EXTERNAL");

		if (usable) {
			g_string_append(js->sasl_mechs, name);
			g_string_append_c(js->sasl_mechs, ' ');
		}

		g_free(name);
		node = xmlnode_get_next_twin(node);
	}

	/* Each appended name is followed by a separator; drop the last one. */
	if (js->sasl_mechs->len > 1) {
		g_string_truncate(js->sasl_mechs, js->sasl_mechs->len - 1);
	}

	jabber_sasl_build_callbacks(js);
	state = jabber_auth_start_cyrus(js, reply, error);

	/*
	 * A failure without an error string is what we get when the server
	 * and this client share no supported mechanism.
	 */
	if (state == JABBER_SASL_STATE_FAIL && *error == NULL) {
		*error = g_strdup(_("Server does not use any supported authentication method"));
	}

	return state;
}
446
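/*
 * Feed one server challenge to Cyrus SASL and build the <response/>.
 *
 * The character data of `packet` is base64-decoded and handed to
 * sasl_client_step(); the client output, if any, is base64-encoded into a
 * new <response/> node in the NS_XMPP_SASL namespace.
 *
 * js      stream being authenticated; js->sasl_state is updated
 * packet  node whose character data holds the base64 challenge
 * reply   set to the new <response/> node on success
 * error   set to a newly allocated message on failure
 *
 * Returns JABBER_SASL_STATE_CONTINUE when a response was produced and
 * JABBER_SASL_STATE_FAIL when the SASL library rejected the step.
 */
static JabberSaslState
jabber_cyrus_handle_challenge(JabberStream *js, xmlnode *packet,
                              xmlnode **reply, char **error)
{
	char *enc_in = xmlnode_get_data(packet);
	unsigned char *dec_in = NULL;
	char *enc_out;
	const char *c_out = NULL;
	unsigned int clen = 0;
	gsize declen = 0;

	/*
	 * The challenge is peer-controlled and may carry no data at all.
	 * Decode only when there is something to decode, so that
	 * sasl_client_step() never sees an uninitialised length; this mirrors
	 * the guard in jabber_cyrus_handle_success().
	 */
	if (enc_in != NULL)
		dec_in = purple_base64_decode(enc_in, &declen);

	js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen,
	                                  NULL, &c_out, &clen);
	g_free(enc_in);
	g_free(dec_in);

	if (js->sasl_state != SASL_CONTINUE && js->sasl_state != SASL_OK) {
		gchar *tmp = g_strdup_printf(_("SASL error: %s"),
				sasl_errdetail(js->sasl));
		purple_debug_error("jabber", "Error is %d : %s\n",
				js->sasl_state, sasl_errdetail(js->sasl));
		*error = tmp;
		return JABBER_SASL_STATE_FAIL;
	} else {
		xmlnode *response = xmlnode_new("response");
		xmlnode_set_namespace(response, NS_XMPP_SASL);
		if (clen > 0) {
			/* Cyrus SASL 2.1.22 appears to contain code to add the charset
			 * to the response for DIGEST-MD5 but there is no possibility
			 * it will be executed.
			 *
			 * My reading of the digestmd5 plugin indicates the username and
			 * realm are always encoded in UTF-8 (they seem to be the values
			 * we pass in), so we need to ensure charset=utf-8 is set.
			 */
			if (!purple_strequal(js->current_mech, "DIGEST-MD5") ||
					g_strstr_len(c_out, clen, ",charset=")) {
				/* If we're not using DIGEST-MD5 or Cyrus SASL is fixed.
				 * The search above is bounded by clen so it does not
				 * depend on c_out being NUL-terminated. */
				enc_out = purple_base64_encode((unsigned char*)c_out, clen);
			} else {
				/*
				 * Build the patched response in a GString so the length
				 * given to the encoder is the buffer's real length, not a
				 * hand-computed clen + strlen(",charset=utf-8").
				 */
				GString *patched = g_string_new_len(c_out, clen);
				g_string_append(patched, ",charset=utf-8");
				enc_out = purple_base64_encode((unsigned char*)patched->str,
				                               patched->len);
				g_string_free(patched, TRUE);
			}

			xmlnode_insert_data(response, enc_out, -1);
			g_free(enc_out);
		}

		*reply = response;
		return JABBER_SASL_STATE_CONTINUE;
	}
}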
501
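/*
 * Finish the SASL exchange once the server has reported success.
 *
 * If the client side of the exchange has not reached SASL_OK yet, the
 * data carried by `packet` (if any) is run through one more
 * sasl_client_step().  Success is only accepted when the library itself
 * ends in SASL_OK, so a server cannot short-circuit a mechanism that
 * still expects a final verification round.
 *
 * When a security layer was negotiated (SSF > 0), the maximum output
 * buffer size is recorded in js->sasl_maxbuf.
 *
 * js      stream being authenticated
 * packet  node whose character data may hold base64 additional data
 * error   set to a newly allocated message on failure
 *
 * Returns JABBER_SASL_STATE_OK, or JABBER_SASL_STATE_FAIL when the final
 * client step did not end in SASL_OK.
 */
static JabberSaslState
jabber_cyrus_handle_success(JabberStream *js, xmlnode *packet,
                            char **error)
{
	const void *x = NULL;

	/* The SASL docs say that if the client hasn't returned OK yet, we
	 * should try one more round against it
	 */
	if (js->sasl_state != SASL_OK) {
		char *enc_in = xmlnode_get_data(packet);
		unsigned char *dec_in = NULL;
		const char *c_out;
		unsigned int clen;
		gsize declen = 0;

		if(enc_in != NULL)
			dec_in = purple_base64_decode(enc_in, &declen);

		js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, NULL, &c_out, &clen);

		g_free(enc_in);
		g_free(dec_in);

		if (js->sasl_state != SASL_OK) {
			/* This should never happen! */
			*error = g_strdup(_("Invalid response from server"));
			g_return_val_if_reached(JABBER_SASL_STATE_FAIL);
		}
	}

	/* If we've negotiated a security layer, we need to enable it */
	if (js->sasl) {
		/*
		 * sasl_getprop() leaves the out-pointer untouched when it fails,
		 * so only dereference it after a successful call.
		 */
		if (sasl_getprop(js->sasl, SASL_SSF, &x) == SASL_OK && x != NULL &&
				*(const int *)x > 0) {
			x = NULL;
			if (sasl_getprop(js->sasl, SASL_MAXOUTBUF, &x) == SASL_OK &&
					x != NULL) {
				js->sasl_maxbuf = *(const int *)x;
			} else {
				/* NOTE(review): how callers react to an unset sasl_maxbuf
				 * is not visible here - confirm this is safe to continue. */
				purple_debug_error("jabber",
						"Unable to query SASL_MAXOUTBUF\n");
			}
		}
	}

	return JABBER_SASL_STATE_OK;
}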
544
545 static JabberSaslState
546 jabber_cyrus_handle_failure(JabberStream *js, xmlnode *packet,
547 xmlnode **reply, char **error)
548 {
549 if (js->auth_fail_count++ < 5) {
550 if (js->current_mech && *js->current_mech) {
551 char *pos;
552 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) {
553 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech));
554 }
555 /* Remove space which separated this mech from the next */
556 if ((js->sasl_mechs->str)[0] == ' ') {
557 g_string_erase(js->sasl_mechs, 0, 1);
558 }
559 }
560 if (*js->sasl_mechs->str) {
561 /* If we have remaining mechs to try, do so */
562 sasl_dispose(&js->sasl);
563
564 return jabber_auth_start_cyrus(js, reply, error);
565
566 } else if ((js->auth_fail_count == 1) &&
567 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) {
568 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
30385
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
569 * for compatibility with iChat 10.5 Server and other jabberd based servers.
30287
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents: 30271
diff changeset
570 *
30385
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents: 30292
diff changeset
571 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
30287
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents: 30271
diff changeset
572 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
573 *
574 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
575 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
576 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
577 * which would connect without issue otherwise. -evands
578 */
579 sasl_dispose(&js->sasl);
580 js->sasl = NULL;
581 js->auth_mech = NULL;
582 jabber_auth_start_old(js);
583 return JABBER_SASL_STATE_CONTINUE;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
584 }
585 }
586
587 /* Nothing to send */
29135
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents: 29097
diff changeset
588 return JABBER_SASL_STATE_FAIL;
29078
8ada06fb65ed jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff changeset
589 }
590
/*
 * Mechanism descriptor for the Cyrus SASL backend. It has file scope and is
 * handed out by address through jabber_auth_get_cyrus_mech().
 *
 * The initializer is positional, so the order of the entries has to follow
 * the field order of JabberSaslMech, which is declared outside this listing.
 */
static JabberSaslMech cyrus_mech = {
	100, /* priority */
	"*", /* name; Cyrus provides a bunch of mechanisms, so use an invalid
	      * mechanism name (per rfc4422 3.1). */
	/* Presumably the "start" hook -- confirm against the JabberSaslMech declaration. */
	jabber_cyrus_start,
	/* Presumably invoked for each server challenge -- confirm. */
	jabber_cyrus_handle_challenge,
	/* Presumably invoked when the server reports success -- confirm. */
	jabber_cyrus_handle_success,
	/*
	 * NOTE(review): presumably the handler whose tail precedes this table.
	 * That tail restarts with jabber_auth_start_old() (jabber:iq:auth) when
	 * exactly one attempt has failed and the mechanism tried was GSSAPI.
	 * Its own comment notes that XEP-0078 calls this fallback wrong, and the
	 * mechanism list comes from the server, so treat that path as a
	 * potential authentication downgrade when reviewing transport security.
	 */
	jabber_cyrus_handle_failure,
	/* Last slot left unset; presumably an optional dispose hook -- TODO confirm. */
	NULL,
};
601
/*
 * Accessor for the Cyrus SASL mechanism descriptor.
 *
 * Returns the address of the file-scope cyrus_mech table. The object has
 * static storage duration, so the caller must not free it; the pointer is
 * not const-qualified, so every caller shares the same mutable table.
 */
JabberSaslMech *jabber_auth_get_cyrus_mech(void)
{
	JabberSaslMech *mech = &cyrus_mech;

	return mech;
}