pidgin: libpurple/protocols/jabber/auth

annotate libpurple/protocols/jabber/auth_cyrus.c @ 31558:ce968e115c95

propagate from branch 'im.pidgin.cpw.masca.p2p' (head 33ca865dacb9e5bcf763d06f6a42cbaca337cc64) to branch 'im.pidgin.pidgin' (head 92f47f4e8b0cbb107fd97e1ab814d1cedbf109ad)

author	Elliott Sales de Andrade <qulogic@pidgin.im>
date	Fri, 06 May 2011 06:25:14 +0000
parents	84e9eb0ae4d5
children	b1a6535f99d9

rev	line source
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	1 /*
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	2 * purple - Jabber Protocol Plugin
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	3 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	4 * Purple is the legal property of its developers, whose names are too numerous
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	5 * to list here. Please refer to the COPYRIGHT file distributed with this
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	6 * source distribution.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	7 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	8 * This program is free software; you can redistribute it and/or modify
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	9 * it under the terms of the GNU General Public License as published by
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	10 * the Free Software Foundation; either version 2 of the License, or
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	11 * (at your option) any later version.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	12 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	13 * This program is distributed in the hope that it will be useful,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	16 * GNU General Public License for more details.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	17 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	18 * You should have received a copy of the GNU General Public License
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	19 * along with this program; if not, write to the Free Software
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	21 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	22 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	23 #include "internal.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	24 #include "core.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	25 #include "debug.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	26 #include "request.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	27
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	28 #include "auth.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	29 #include "jabber.h"
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	30
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	31 static JabberSaslState jabber_auth_start_cyrus(JabberStream js, xmlnode *reply,
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	32 char **error);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	33 static void jabber_sasl_build_callbacks(JabberStream *);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	34
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	35 static void disallow_plaintext_auth(PurpleAccount *account)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	36 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	37 purple_connection_error_reason(purple_account_get_connection(account),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	38 PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
30252 c8cf189bf6db jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is) Paul Aurich <paul@darkrain42.org> parents: 30179 diff changeset	39 _("Server may require plaintext authentication over an unencrypted stream"));
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	40 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	41
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	42 static void start_cyrus_wrapper(JabberStream *js)
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	43 {
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	44 char *error = NULL;
b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	45 xmlnode *response = NULL;
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	46 JabberSaslState state = jabber_auth_start_cyrus(js, &response, &error);
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	47
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	48 if (state == JABBER_SASL_STATE_FAIL) {
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	49 purple_connection_error_reason(js->gc,
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	50 PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE,
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	51 error);
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	52 g_free(error);
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	53 } else if (response) {
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	54 jabber_send(js, response);
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	55 xmlnode_free(response);
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	56 }
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	57 }
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	58
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	59
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	60 /* Callbacks for Cyrus SASL */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	61
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	62 static int jabber_sasl_cb_realm(void ctx, int id, const char avail, const char *result)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	63 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	64 JabberStream *js = ctx;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	65
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	66 if (id != SASL_CB_GETREALM \|\| !result) return SASL_BADPARAM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	67
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	68 *result = js->user->domain;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	69
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	70 return SASL_OK;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	71 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	72
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	73 static int jabber_sasl_cb_simple(void ctx, int id, const char res, unsigned len)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	74 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	75 JabberStream *js = ctx;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	76
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	77 switch(id) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	78 case SASL_CB_AUTHNAME:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	79 *res = js->user->node;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	80 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	81 case SASL_CB_USER:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	82 *res = "";
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	83 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	84 default:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	85 return SASL_BADPARAM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	86 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	87 if (len) len = strlen((char )*res);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	88 return SASL_OK;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	89 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	90
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	91 static int jabber_sasl_cb_secret(sasl_conn_t conn, void ctx, int id, sasl_secret_t **secret)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	92 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	93 JabberStream *js = ctx;
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	94 PurpleAccount *account;
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	95 const char *pw;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	96 size_t len;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	97
28700 8ed52586826b More oops. Paul Aurich <paul@darkrain42.org> parents: 28697 diff changeset	98 account = purple_connection_get_account(js->gc);
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	99 pw = purple_account_get_password(account);
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	100
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	101 if (!conn \|\| !secret \|\| id != SASL_CB_PASS)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	102 return SASL_BADPARAM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	103
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	104 len = strlen(pw);
30419 9789e8e7d834 jabber: Document this not being an off-by-one... Paul Aurich <paul@darkrain42.org> parents: 30252 diff changeset	105 /* Not an off-by-one because sasl_secret_t defines char data[1] */
30448 a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	106 /* TODO: This can probably be moved to glib's allocator */
a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	107 js->sasl_secret = malloc(sizeof(sasl_secret_t) + len);
a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	108 if (!js->sasl_secret)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	109 return SASL_NOMEM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	110
30448 a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	111 js->sasl_secret->len = len;
a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	112 strcpy((char*)js->sasl_secret->data, pw);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	113
30448 a5131a257967 jabber: Fix a pernicious race condition in our cyrus auth code Paul Aurich <paul@darkrain42.org> parents: 30432 diff changeset	114 *secret = js->sasl_secret;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	115 return SASL_OK;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	116 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	117
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	118 static void allow_cyrus_plaintext_auth(PurpleAccount *account)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	119 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	120 PurpleConnection *gc;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	121 JabberStream *js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	122
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	123 gc = purple_account_get_connection(account);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	124 js = purple_connection_get_protocol_data(gc);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	125
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	126 purple_account_set_bool(account, "auth_plain_in_clear", TRUE);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	127
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	128 start_cyrus_wrapper(js);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	129 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	130
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	131 static void auth_pass_cb(PurpleConnection gc, PurpleRequestFields fields)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	132 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	133 PurpleAccount *account;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	134 JabberStream *js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	135 const char *entry;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	136 gboolean remember;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	137
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	138 /* The password prompt dialog doesn't get disposed if the account disconnects */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	139 if (!PURPLE_CONNECTION_IS_VALID(gc))
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	140 return;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	141
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	142 account = purple_connection_get_account(gc);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	143 js = purple_connection_get_protocol_data(gc);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	144
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	145 entry = purple_request_fields_get_string(fields, "password");
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	146 remember = purple_request_fields_get_bool(fields, "remember");
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	147
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	148 if (!entry \|\| !*entry)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	149 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	150 purple_notify_error(account, NULL, _("Password is required to sign on."), NULL);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	151 return;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	152 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	153
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	154 if (remember)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	155 purple_account_set_remember_password(account, TRUE);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	156
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	157 purple_account_set_password(account, entry);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	158
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	159 /* Rebuild our callbacks as we now have a password to offer */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	160 jabber_sasl_build_callbacks(js);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	161
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	162 /* Restart our negotiation */
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	163 start_cyrus_wrapper(js);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	164 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	165
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	166 static void
28701 da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	167 auth_no_pass_cb(PurpleConnection gc, PurpleRequestFields fields)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	168 {
28701 da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	169 PurpleAccount *account;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	170 JabberStream *js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	171
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	172 /* The password prompt dialog doesn't get disposed if the account disconnects */
28701 da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	173 if (!PURPLE_CONNECTION_IS_VALID(gc))
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	174 return;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	175
28701 da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	176 account = purple_connection_get_account(gc);
da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	177 js = purple_connection_get_protocol_data(gc);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	178
30432 1cdae196aac8 Standardize on "cancelled". Elliott Sales de Andrade <qulogic@pidgin.im> parents: 30419 diff changeset	179 /* Disable the account as the user has cancelled connecting */
28701 da2ce5d8d4b4 jabber: A little more use of accessors. Paul Aurich <paul@darkrain42.org> parents: 28700 diff changeset	180 purple_account_set_enabled(account, purple_core_get_ui(), FALSE);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	181 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	182
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	183 static JabberSaslState
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	184 jabber_auth_start_cyrus(JabberStream js, xmlnode reply, char *error)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	185 {
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	186 PurpleAccount *account;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	187 const char *clientout = NULL;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	188 char *enc_out;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	189 unsigned coutlen = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	190 sasl_security_properties_t secprops;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	191 gboolean again;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	192 gboolean plaintext = TRUE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	193
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	194 /* Set up security properties and options */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	195 secprops.min_ssf = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	196 secprops.security_flags = SASL_SEC_NOANONYMOUS;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	197
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	198 account = purple_connection_get_account(js->gc);
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	199
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	200 if (!jabber_stream_is_ssl(js)) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	201 secprops.max_ssf = -1;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	202 secprops.maxbufsize = 4096;
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	203 plaintext = purple_account_get_bool(account, "auth_plain_in_clear", FALSE);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	204 if (!plaintext)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	205 secprops.security_flags \|= SASL_SEC_NOPLAINTEXT;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	206 } else {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	207 secprops.max_ssf = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	208 secprops.maxbufsize = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	209 plaintext = TRUE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	210 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	211 secprops.property_names = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	212 secprops.property_values = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	213
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	214 do {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	215 again = FALSE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	216
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	217 js->sasl_state = sasl_client_new("xmpp", js->serverFQDN, NULL, NULL, js->sasl_cb, 0, &js->sasl);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	218 if (js->sasl_state==SASL_OK) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	219 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	220 purple_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	221 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &js->current_mech);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	222 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	223 switch (js->sasl_state) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	224 /* Success */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	225 case SASL_OK:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	226 case SASL_CONTINUE:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	227 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	228 case SASL_NOMECH:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	229 /* No mechanisms have offered to help */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	230
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	231 /* Firstly, if we don't have a password try
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	232 * to get one
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	233 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	234
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	235 if (!purple_account_get_password(account)) {
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	236 purple_account_request_password(account, G_CALLBACK(auth_pass_cb), G_CALLBACK(auth_no_pass_cb), js->gc);
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	237 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	238
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	239 /* If we've got a password, but aren't sending
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	240 * it in plaintext, see if we can turn on
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	241 * plaintext auth
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	242 */
30252 c8cf189bf6db jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is) Paul Aurich <paul@darkrain42.org> parents: 30179 diff changeset	243 /* XXX Should we just check for PLAIN/LOGIN being offered mechanisms? */
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	244 } else if (!plaintext) {
30252 c8cf189bf6db jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is) Paul Aurich <paul@darkrain42.org> parents: 30179 diff changeset	245 char *msg = g_strdup_printf(_("%s may require plaintext authentication over an unencrypted connection. Allow this and continue authentication?"),
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	246 purple_account_get_username(account));
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	247 purple_request_yes_no(js->gc, _("Plaintext Authentication"),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	248 _("Plaintext Authentication"),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	249 msg,
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	250 1, account, NULL, NULL, account,
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	251 allow_cyrus_plaintext_auth,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	252 disallow_plaintext_auth);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	253 g_free(msg);
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	254 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	255
29965 6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	256 } else
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	257 js->auth_fail_count++;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	258
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	259 if (js->auth_fail_count == 1 &&
30178 e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI " Paul Aurich <paul@darkrain42.org> parents: 30177 diff changeset	260 (js->sasl_mechs->str && g_str_equal(js->sasl_mechs->str, "GSSAPI"))) {
29965 6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	261 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	262 * for compatibility with iChat 10.5 Server and other jabberd based servers.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	263 *
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	264 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	265 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	266 *
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	267 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	268 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	269 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	270 * which would connect without issue otherwise. -evands
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	271 */
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	272 js->auth_mech = NULL;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	273 jabber_auth_start_old(js);
30009 1b1fee952341 jabber: trailing_whitespace--; Paul Aurich <paul@darkrain42.org> parents: 29991 diff changeset	274 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	275 }
29872 a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	276
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	277 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	278
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	279 /* Fatal errors. Give up and go home */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	280 case SASL_BADPARAM:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	281 case SASL_NOMEM:
29873 a81d44a11d99 If SASL authentication fails, we generally shouldn't be setting an error Evan Schoenberg <evan.s@dreskin.net> parents: 29872 diff changeset	282 *error = g_strdup(_("SASL authentication failed"));
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	283 break;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	284
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	285 /* For everything else, fail the mechanism and try again */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	286 default:
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	287 purple_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	288
29965 6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	289 js->auth_fail_count++;
6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	290
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	291 /*
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	292 * DAA: is this right?
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	293 * The manpage says that "mech" will contain the chosen mechanism on success.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	294 * Presumably, if we get here that isn't the case and we shouldn't try again?
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	295 * I suspect that this never happens.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	296 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	297 /*
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	298 * SXW: Yes, this is right. What this handles is the situation where a
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	299 * mechanism, say GSSAPI, is tried. If that mechanism fails, it may be
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	300 * due to mechanism specific issues, so we want to try one of the other
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	301 * supported mechanisms. This code handles that case
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	302 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	303 if (js->current_mech && *js->current_mech) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	304 char *pos;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	305 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	306 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech));
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	307 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	308 /* Remove space which separated this mech from the next */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	309 if ((js->sasl_mechs->str)[0] == ' ') {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	310 g_string_erase(js->sasl_mechs, 0, 1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	311 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	312 again = TRUE;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	313 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	314
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	315 sasl_dispose(&js->sasl);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	316 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	317 } while (again);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	318
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	319 if (js->sasl_state == SASL_CONTINUE \|\| js->sasl_state == SASL_OK) {
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	320 xmlnode *auth = xmlnode_new("auth");
28715 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 28702 diff changeset	321 xmlnode_set_namespace(auth, NS_XMPP_SASL);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	322 xmlnode_set_attrib(auth, "mechanism", js->current_mech);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	323
30564 3f5ff1ea4802 jabber: Partial revert (everything but ChangeLog) of 945ef5abc5 Paul Aurich <paul@darkrain42.org> parents: 30448 diff changeset	324 xmlnode_set_attrib(auth, "xmlns:ga", "http://www.google.com/talk/protocol/auth");
3f5ff1ea4802 jabber: Partial revert (everything but ChangeLog) of 945ef5abc5 Paul Aurich <paul@darkrain42.org> parents: 30448 diff changeset	325 xmlnode_set_attrib(auth, "ga:client-uses-full-bind-result", "true");
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	326
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	327 if (clientout) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	328 if (coutlen == 0) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	329 xmlnode_insert_data(auth, "=", -1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	330 } else {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	331 enc_out = purple_base64_encode((unsigned char*)clientout, coutlen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	332 xmlnode_insert_data(auth, enc_out, -1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	333 g_free(enc_out);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	334 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	335 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	336
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	337 *reply = auth;
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	338 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	339 } else {
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	340 return JABBER_SASL_STATE_FAIL;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	341 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	342 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	343
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	344 static int
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	345 jabber_sasl_cb_log(void context, int level, const char message)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	346 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	347 if(level <= SASL_LOG_TRACE)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	348 purple_debug_info("sasl", "%s\n", message);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	349
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	350 return SASL_OK;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	351 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	352
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	353 static void
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	354 jabber_sasl_build_callbacks(JabberStream *js)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	355 {
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	356 PurpleAccount *account;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	357 int id;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	358
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	359 /* Set up our callbacks structure */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	360 if (js->sasl_cb == NULL)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	361 js->sasl_cb = g_new0(sasl_callback_t,6);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	362
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	363 id = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	364 js->sasl_cb[id].id = SASL_CB_GETREALM;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	365 js->sasl_cb[id].proc = jabber_sasl_cb_realm;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	366 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	367 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	368
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	369 js->sasl_cb[id].id = SASL_CB_AUTHNAME;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	370 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	371 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	372 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	373
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	374 js->sasl_cb[id].id = SASL_CB_USER;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	375 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	376 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	377 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	378
28697 de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	379 account = purple_connection_get_account(js->gc);
de8565bc63fe jabber: Use accessors instead of directly accessing gc->account (and similar) Paul Aurich <paul@darkrain42.org> parents: 28696 diff changeset	380 if (purple_account_get_password(account) != NULL ) {
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	381 js->sasl_cb[id].id = SASL_CB_PASS;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	382 js->sasl_cb[id].proc = jabber_sasl_cb_secret;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	383 js->sasl_cb[id].context = (void *)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	384 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	385 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	386
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	387 js->sasl_cb[id].id = SASL_CB_LOG;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	388 js->sasl_cb[id].proc = jabber_sasl_cb_log;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	389 js->sasl_cb[id].context = (void*)js;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	390 id++;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	391
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	392 js->sasl_cb[id].id = SASL_CB_LIST_END;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	393 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	394
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	395 static JabberSaslState
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	396 jabber_cyrus_start(JabberStream js, xmlnode mechanisms,
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	397 xmlnode reply, char error)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	398 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	399 xmlnode *mechnode;
29990 1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	400 JabberSaslState ret;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	401
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	402 js->sasl_mechs = g_string_new("");
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	403
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	404 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	405 mechnode = xmlnode_get_next_twin(mechnode))
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	406 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	407 char *mech_name = xmlnode_get_data(mechnode);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	408
30179 40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	409 /* Ignore blank mechanisms and EXTERNAL. External isn't
40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	410 * supported, and Cyrus SASL's mechanism returns
40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	411 * SASL_NOMECH when the caller (us) doesn't configure it.
40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	412 * Except SASL_NOMECH is supposed to mean "no concordant
40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	413 * mechanisms"... Easiest just to blacklist it (for now).
40a8aae4b276 jabber: Document the other cyrus hack (ignoring EXTERNAL) Paul Aurich <paul@darkrain42.org> parents: 30178 diff changeset	414 */
30010 1518b6b70556 jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised. Paul Aurich <paul@darkrain42.org> parents: 30009 diff changeset	415 if (!mech_name \|\| !*mech_name \|\|
1518b6b70556 jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised. Paul Aurich <paul@darkrain42.org> parents: 30009 diff changeset	416 g_str_equal(mech_name, "EXTERNAL")) {
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	417 g_free(mech_name);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	418 continue;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	419 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	420
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	421 g_string_append(js->sasl_mechs, mech_name);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	422 g_string_append_c(js->sasl_mechs, ' ');
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	423 g_free(mech_name);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	424 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	425
30178 e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI " Paul Aurich <paul@darkrain42.org> parents: 30177 diff changeset	426 /* Strip off the trailing ' ' */
e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI " Paul Aurich <paul@darkrain42.org> parents: 30177 diff changeset	427 if (js->sasl_mechs->len > 1)
e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI " Paul Aurich <paul@darkrain42.org> parents: 30177 diff changeset	428 g_string_truncate(js->sasl_mechs, js->sasl_mechs->len - 1);
e9d540664ea3 jabber: Make that more future-proof by never generating "GSSAPI " Paul Aurich <paul@darkrain42.org> parents: 30177 diff changeset	429
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	430 jabber_sasl_build_callbacks(js);
29990 1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	431 ret = jabber_auth_start_cyrus(js, reply, error);
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	432
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	433 /*
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	434 * Triggered if no overlap between server and client
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	435 * supported mechanisms.
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	436 */
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	437 if (ret == JABBER_SASL_STATE_FAIL && *error == NULL)
29991 b78b5e7ffe82 jabber: Found a better string in auth.c Paul Aurich <paul@darkrain42.org> parents: 29990 diff changeset	438 *error = g_strdup(_("Server does not use any supported authentication method"));
29990 1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	439
1e959e5cb237 jabber: Better error message when no concordant SASL mechs Paul Aurich <paul@darkrain42.org> parents: 29965 diff changeset	440 return ret;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	441 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	442
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	443 static JabberSaslState
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	444 jabber_cyrus_handle_challenge(JabberStream js, xmlnode packet,
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	445 xmlnode reply, char error)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	446 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	447 char *enc_in = xmlnode_get_data(packet);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	448 unsigned char *dec_in;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	449 char *enc_out;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	450 const char *c_out;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	451 unsigned int clen;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	452 gsize declen;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	453
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	454 dec_in = purple_base64_decode(enc_in, &declen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	455
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	456 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	457 NULL, &c_out, &clen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	458 g_free(enc_in);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	459 g_free(dec_in);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	460 if (js->sasl_state != SASL_CONTINUE && js->sasl_state != SASL_OK) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	461 gchar *tmp = g_strdup_printf(_("SASL error: %s"),
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	462 sasl_errdetail(js->sasl));
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	463 purple_debug_error("jabber", "Error is %d : %s\n",
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	464 js->sasl_state, sasl_errdetail(js->sasl));
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	465 *error = tmp;
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	466 return JABBER_SASL_STATE_FAIL;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	467 } else {
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	468 xmlnode *response = xmlnode_new("response");
28715 cea22db36ffc jabber: Use NS_XMPP_SASL Paul Aurich <paul@darkrain42.org> parents: 28702 diff changeset	469 xmlnode_set_namespace(response, NS_XMPP_SASL);
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	470 if (clen > 0) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	471 /* Cyrus SASL 2.1.22 appears to contain code to add the charset
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	472 * to the response for DIGEST-MD5 but there is no possibility
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	473 * it will be executed.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	474 *
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	475 * My reading of the digestmd5 plugin indicates the username and
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	476 * realm are always encoded in UTF-8 (they seem to be the values
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	477 * we pass in), so we need to ensure charset=utf-8 is set.
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	478 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	479 if (!purple_strequal(js->current_mech, "DIGEST-MD5") \|\|
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	480 strstr(c_out, ",charset="))
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	481 /* If we're not using DIGEST-MD5 or Cyrus SASL is fixed */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	482 enc_out = purple_base64_encode((unsigned char*)c_out, clen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	483 else {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	484 char *tmp = g_strdup_printf("%s,charset=utf-8", c_out);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	485 enc_out = purple_base64_encode((unsigned char*)tmp, clen + 14);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	486 g_free(tmp);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	487 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	488
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	489 xmlnode_insert_data(response, enc_out, -1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	490 g_free(enc_out);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	491 }
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	492
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	493 *reply = response;
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	494 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	495 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	496 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	497
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	498 static JabberSaslState
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	499 jabber_cyrus_handle_success(JabberStream js, xmlnode packet,
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	500 char **error)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	501 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	502 const void *x;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	503
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	504 /* The SASL docs say that if the client hasn't returned OK yet, we
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	505 * should try one more round against it
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	506 */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	507 if (js->sasl_state != SASL_OK) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	508 char *enc_in = xmlnode_get_data(packet);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	509 unsigned char *dec_in = NULL;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	510 const char *c_out;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	511 unsigned int clen;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	512 gsize declen = 0;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	513
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	514 if(enc_in != NULL)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	515 dec_in = purple_base64_decode(enc_in, &declen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	516
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	517 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, NULL, &c_out, &clen);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	518
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	519 g_free(enc_in);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	520 g_free(dec_in);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	521
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	522 if (js->sasl_state != SASL_OK) {
31148 84e9eb0ae4d5 jabber: Un-assert-ify one failure case in the Cyrus code. Paul Aurich <paul@darkrain42.org> parents: 30564 diff changeset	523 /* This happens when the server sends back jibberish
84e9eb0ae4d5 jabber: Un-assert-ify one failure case in the Cyrus code. Paul Aurich <paul@darkrain42.org> parents: 30564 diff changeset	524 * in the "additional data with success" case.
84e9eb0ae4d5 jabber: Un-assert-ify one failure case in the Cyrus code. Paul Aurich <paul@darkrain42.org> parents: 30564 diff changeset	525 * Seen with Wildfire 3.0.1.
84e9eb0ae4d5 jabber: Un-assert-ify one failure case in the Cyrus code. Paul Aurich <paul@darkrain42.org> parents: 30564 diff changeset	526 */
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	527 *error = g_strdup(_("Invalid response from server"));
31148 84e9eb0ae4d5 jabber: Un-assert-ify one failure case in the Cyrus code. Paul Aurich <paul@darkrain42.org> parents: 30564 diff changeset	528 return JABBER_SASL_STATE_FAIL;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	529 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	530 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	531
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	532 /* If we've negotiated a security layer, we need to enable it */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	533 if (js->sasl) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	534 sasl_getprop(js->sasl, SASL_SSF, &x);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	535 if ((int )x > 0) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	536 sasl_getprop(js->sasl, SASL_MAXOUTBUF, &x);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	537 js->sasl_maxbuf = (int )x;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	538 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	539 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	540
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	541 return JABBER_SASL_STATE_OK;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	542 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	543
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	544 static JabberSaslState
8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	545 jabber_cyrus_handle_failure(JabberStream js, xmlnode packet,
28754 b94fd073187c jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized) Paul Aurich <paul@darkrain42.org> parents: 28753 diff changeset	546 xmlnode reply, char error)
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	547 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	548 if (js->auth_fail_count++ < 5) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	549 if (js->current_mech && *js->current_mech) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	550 char *pos;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	551 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	552 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech));
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	553 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	554 /* Remove space which separated this mech from the next */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	555 if ((js->sasl_mechs->str)[0] == ' ') {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	556 g_string_erase(js->sasl_mechs, 0, 1);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	557 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	558 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	559 if (*js->sasl_mechs->str) {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	560 /* If we have remaining mechs to try, do so */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	561 sasl_dispose(&js->sasl);
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	562
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	563 return jabber_auth_start_cyrus(js, reply, error);
29872 a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	564
30010 1518b6b70556 jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised. Paul Aurich <paul@darkrain42.org> parents: 30009 diff changeset	565 } else if ((js->auth_fail_count == 1) &&
29872 a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	566 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) {
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	567 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
29965 6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	568 * for compatibility with iChat 10.5 Server and other jabberd based servers.
29872 a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	569 *
29965 6c148063fdfd applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5 Evan Schoenberg <evan.s@dreskin.net> parents: 29877 diff changeset	570 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
29872 a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	571 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	572 *
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	573 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	574 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	575 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	576 * which would connect without issue otherwise. -evands
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	577 */
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	578 sasl_dispose(&js->sasl);
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	579 js->sasl = NULL;
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	580 js->auth_mech = NULL;
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	581 jabber_auth_start_old(js);
a044ddee7878 Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza. Evan Schoenberg <evan.s@dreskin.net> parents: 29856 diff changeset	582 return JABBER_SASL_STATE_CONTINUE;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	583 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	584 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	585
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	586 /* Nothing to send */
28753 8a5252630857 jabber: Fix up the cyrus auth code (although there's a leak currently) Paul Aurich <paul@darkrain42.org> parents: 28715 diff changeset	587 return JABBER_SASL_STATE_FAIL;
28696 8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	588 }
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	589
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	590 static JabberSaslMech cyrus_mech = {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	591 100, /* priority */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	592 "", / name; Cyrus provides a bunch of mechanisms, so use an invalid
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	593 * mechanism name (per rfc4422 3.1). */
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	594 jabber_cyrus_start,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	595 jabber_cyrus_handle_challenge,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	596 jabber_cyrus_handle_success,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	597 jabber_cyrus_handle_failure,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	598 NULL,
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	599 };
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	600
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	601 JabberSaslMech *jabber_auth_get_cyrus_mech(void)
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	602 {
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	603 return &cyrus_mech;
8ada06fb65ed jabber: Factor the SASL auth methods into their own files. Paul Aurich <paul@darkrain42.org> parents: diff changeset	604 }

Mercurial > pidgin

annotate libpurple/protocols/jabber/auth_cyrus.c @ 31558:ce968e115c95