Mercurial > pidgin.yaz
comparison src/protocols/jabber/auth.c @ 12543:09cae5fdd5b6
[gaim-migrate @ 14860]
cyrus sasl works for PLAIN now too, and it even logs!
committer: Tailor Script <tailor@pidgin.im>
| author | Nathan Walp <nwalp@pidgin.im> |
|---|---|
| date | Sat, 17 Dec 2005 22:12:15 +0000 |
| parents | b0ba132271a9 |
| children | 1e0caf8f40dc |
comparison
equal
deleted
inserted
replaced
| 12542:038ac22dd79b | 12543:09cae5fdd5b6 |
|---|---|
| 138 switch(id) { | 138 switch(id) { |
| 139 case SASL_CB_AUTHNAME: | 139 case SASL_CB_AUTHNAME: |
| 140 *res = js->user->node; | 140 *res = js->user->node; |
| 141 break; | 141 break; |
| 142 case SASL_CB_USER: | 142 case SASL_CB_USER: |
| 143 *res = js->user->node; | 143 *res = ""; |
| 144 break; | 144 break; |
| 145 default: | 145 default: |
| 146 return SASL_BADPARAM; | 146 return SASL_BADPARAM; |
| 147 } | 147 } |
| 148 if (len) *len = strlen((char *)*res); | 148 if (len) *len = strlen((char *)*res); |
| 190 gboolean plaintext = TRUE; | 190 gboolean plaintext = TRUE; |
| 191 | 191 |
| 192 /* Set up security properties and options */ | 192 /* Set up security properties and options */ |
| 193 secprops.min_ssf = 0; | 193 secprops.min_ssf = 0; |
| 194 secprops.security_flags = SASL_SEC_NOANONYMOUS; | 194 secprops.security_flags = SASL_SEC_NOANONYMOUS; |
| 195 secprops.max_ssf = -1; | |
| 196 secprops.maxbufsize = -1; | |
| 195 | 197 |
| 196 if (!js->gsc) { | 198 if (!js->gsc) { |
| 197 plaintext = gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE); | 199 plaintext = gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE); |
| 198 if (!plaintext) | 200 if (!plaintext) |
| 199 secprops.security_flags |= SASL_SEC_NOPLAINTEXT; | 201 secprops.security_flags |= SASL_SEC_NOPLAINTEXT; |
| 200 secprops.max_ssf = -1; | |
| 201 secprops.maxbufsize = 4096; | |
| 202 } else { | 202 } else { |
| 203 plaintext = TRUE; | 203 plaintext = TRUE; |
| 204 secprops.max_ssf = 0; | |
| 205 secprops.maxbufsize = 0; | |
| 206 } | 204 } |
| 207 secprops.property_names = 0; | 205 secprops.property_names = 0; |
| 208 secprops.property_values = 0; | 206 secprops.property_values = 0; |
| 209 | 207 |
| 210 do { | 208 do { |
| 216 */ | 214 */ |
| 217 | 215 |
| 218 js->sasl_state = sasl_client_new("xmpp", js->user->domain, NULL, NULL, js->sasl_cb, 0, &js->sasl); | 216 js->sasl_state = sasl_client_new("xmpp", js->user->domain, NULL, NULL, js->sasl_cb, 0, &js->sasl); |
| 219 if (js->sasl_state==SASL_OK) { | 217 if (js->sasl_state==SASL_OK) { |
| 220 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops); | 218 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops); |
| 219 gaim_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str); | |
| 221 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &mech); | 220 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &mech); |
| 222 } | 221 } |
| 223 switch (js->sasl_state) { | 222 switch (js->sasl_state) { |
| 224 /* Success */ | 223 /* Success */ |
| 224 case SASL_OK: | |
| 225 case SASL_CONTINUE: | 225 case SASL_CONTINUE: |
| 226 break; | 226 break; |
| 227 case SASL_NOMECH: | 227 case SASL_NOMECH: |
| 228 /* No mechanisms do what we want. See if we can add | 228 /* No mechanisms do what we want. See if we can add |
| 229 * plaintext ones to the list. */ | 229 * plaintext ones to the list. */ |
| 251 case SASL_NOMEM: | 251 case SASL_NOMEM: |
| 252 break; | 252 break; |
| 253 | 253 |
| 254 /* For everything else, fail the mechanism and try again */ | 254 /* For everything else, fail the mechanism and try again */ |
| 255 default: | 255 default: |
| 256 gaim_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state); | |
| 256 if (strlen(mech)>0) { | 257 if (strlen(mech)>0) { |
| 257 char *pos; | 258 char *pos; |
| 258 pos = strstr(js->sasl_mechs->str,mech); | 259 pos = strstr(js->sasl_mechs->str,mech); |
| 259 g_assert(pos!=NULL); | 260 g_assert(pos!=NULL); |
| 260 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str,strlen(mech)); | 261 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str,strlen(mech)); |
| 262 sasl_dispose(&js->sasl); | 263 sasl_dispose(&js->sasl); |
| 263 again=TRUE; | 264 again=TRUE; |
| 264 } | 265 } |
| 265 } while (again); | 266 } while (again); |
| 266 | 267 |
| 267 if (js->sasl_state == SASL_CONTINUE) { | 268 if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) { |
| 268 auth = xmlnode_new("auth"); | 269 auth = xmlnode_new("auth"); |
| 269 xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl"); | 270 xmlnode_set_attrib(auth, "xmlns", "urn:ietf:params:xml:ns:xmpp-sasl"); |
| 270 xmlnode_set_attrib(auth,"mechanism", mech); | 271 xmlnode_set_attrib(auth,"mechanism", mech); |
| 271 if (clientout) { | 272 if (clientout) { |
| 272 if (coutlen == 0) { | 273 if (coutlen == 0) { |
| 280 jabber_send(js, auth); | 281 jabber_send(js, auth); |
| 281 xmlnode_free(auth); | 282 xmlnode_free(auth); |
| 282 } else { | 283 } else { |
| 283 gaim_connection_error(js->gc, "SASL authentication failed\n"); | 284 gaim_connection_error(js->gc, "SASL authentication failed\n"); |
| 284 } | 285 } |
| 286 } | |
| 287 | |
| 288 static int | |
| 289 jabber_sasl_cb_log(void *context, int level, const char *message) | |
| 290 { | |
| 291 if(level <= SASL_LOG_TRACE) | |
| 292 gaim_debug_info("sasl", "%s\n", message); | |
| 293 | |
| 294 return SASL_OK; | |
| 285 } | 295 } |
| 286 | 296 |
| 287 #endif | 297 #endif |
| 288 | 298 |
| 289 void | 299 void |
| 332 | 342 |
| 333 #ifdef HAVE_CYRUS_SASL | 343 #ifdef HAVE_CYRUS_SASL |
| 334 js->auth_type = JABBER_AUTH_CYRUS; | 344 js->auth_type = JABBER_AUTH_CYRUS; |
| 335 | 345 |
| 336 /* Set up our callbacks structure */ | 346 /* Set up our callbacks structure */ |
| 337 js->sasl_cb = g_new0(sasl_callback_t,5); | 347 js->sasl_cb = g_new0(sasl_callback_t,6); |
| 338 | 348 |
| 339 id = 0; | 349 id = 0; |
| 340 js->sasl_cb[id].id = SASL_CB_GETREALM; | 350 js->sasl_cb[id].id = SASL_CB_GETREALM; |
| 341 js->sasl_cb[id].proc = jabber_sasl_cb_realm; | 351 js->sasl_cb[id].proc = jabber_sasl_cb_realm; |
| 342 js->sasl_cb[id].context = (void *)js; | 352 js->sasl_cb[id].context = (void *)js; |
| 356 js->sasl_cb[id].id = SASL_CB_PASS; | 366 js->sasl_cb[id].id = SASL_CB_PASS; |
| 357 js->sasl_cb[id].proc = jabber_sasl_cb_secret; | 367 js->sasl_cb[id].proc = jabber_sasl_cb_secret; |
| 358 js->sasl_cb[id].context = (void *)js; | 368 js->sasl_cb[id].context = (void *)js; |
| 359 id++; | 369 id++; |
| 360 } | 370 } |
| 371 | |
| 372 js->sasl_cb[id].id = SASL_CB_LOG; | |
| 373 js->sasl_cb[id].proc = jabber_sasl_cb_log; | |
| 374 js->sasl_cb[id].context = (void*)js; | |
| 375 id++; | |
| 361 | 376 |
| 362 js->sasl_cb[id].id = SASL_CB_LIST_END; | 377 js->sasl_cb[id].id = SASL_CB_LIST_END; |
| 363 | 378 |
| 364 jabber_auth_start_cyrus(js); | 379 jabber_auth_start_cyrus(js); |
| 365 #else | 380 #else |
| 686 else if (js->auth_type == JABBER_AUTH_CYRUS) { | 701 else if (js->auth_type == JABBER_AUTH_CYRUS) { |
| 687 char *enc_in = xmlnode_get_data(packet); | 702 char *enc_in = xmlnode_get_data(packet); |
| 688 unsigned char *dec_in; | 703 unsigned char *dec_in; |
| 689 char *enc_out; | 704 char *enc_out; |
| 690 const char *c_out; | 705 const char *c_out; |
| 691 unsigned int clen,declen; | 706 unsigned int clen; |
| 707 gsize declen; | |
| 692 xmlnode *response; | 708 xmlnode *response; |
| 693 | 709 |
| 694 dec_in = gaim_base64_decode(enc_in, &declen); | 710 dec_in = gaim_base64_decode(enc_in, &declen); |
| 695 | 711 |
| 696 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, | 712 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, |