Mercurial > pidgin
annotate libpurple/protocols/jabber/auth_cyrus.c @ 32705:ef4ffed09e49
Replace Facebook's UI hack for default connection security.
| author | Elliott Sales de Andrade <qulogic@pidgin.im> |
|---|---|
| date | Thu, 29 Dec 2011 01:58:43 +0000 |
| parents | a5b556ac1de5 |
| children | f24f4e47dedb |
| rev | line source |
|---|---|
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
1 /* |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
2 * purple - Jabber Protocol Plugin |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
3 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
4 * Purple is the legal property of its developers, whose names are too numerous |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
5 * to list here. Please refer to the COPYRIGHT file distributed with this |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
6 * source distribution. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
7 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
8 * This program is free software; you can redistribute it and/or modify |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
9 * it under the terms of the GNU General Public License as published by |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
10 * the Free Software Foundation; either version 2 of the License, or |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
11 * (at your option) any later version. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
12 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
13 * This program is distributed in the hope that it will be useful, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
16 * GNU General Public License for more details. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
17 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
18 * You should have received a copy of the GNU General Public License |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
19 * along with this program; if not, write to the Free Software |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
21 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
22 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
23 #include "internal.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
24 #include "core.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
25 #include "debug.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
26 #include "request.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
27 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
28 #include "auth.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
29 #include "jabber.h" |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
30 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
31 static JabberSaslState jabber_auth_start_cyrus(JabberStream *js, xmlnode **reply, |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
32 char **error); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
33 static void jabber_sasl_build_callbacks(JabberStream *); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
34 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
35 static void disallow_plaintext_auth(PurpleAccount *account) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
36 { |
|
31872
a5b556ac1de5
Rename purple_connection_error_reason to purple_connection_error
Mark Doliner <mark@kingant.net>
parents:
31598
diff
changeset
|
37 purple_connection_error(purple_account_get_connection(account), |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
38 PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR, |
|
30252
c8cf189bf6db
jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is)
Paul Aurich <paul@darkrain42.org>
parents:
30179
diff
changeset
|
39 _("Server may require plaintext authentication over an unencrypted stream")); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
40 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
41 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
42 static void start_cyrus_wrapper(JabberStream *js) |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
43 { |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
44 char *error = NULL; |
|
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
45 xmlnode *response = NULL; |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
46 JabberSaslState state = jabber_auth_start_cyrus(js, &response, &error); |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
47 |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
48 if (state == JABBER_SASL_STATE_FAIL) { |
|
31872
a5b556ac1de5
Rename purple_connection_error_reason to purple_connection_error
Mark Doliner <mark@kingant.net>
parents:
31598
diff
changeset
|
49 purple_connection_error(js->gc, |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
50 PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE, |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
51 error); |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
52 g_free(error); |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
53 } else if (response) { |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
54 jabber_send(js, response); |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
55 xmlnode_free(response); |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
56 } |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
57 } |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
58 |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
59 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
60 /* Callbacks for Cyrus SASL */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
61 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
62 static int jabber_sasl_cb_realm(void *ctx, int id, const char **avail, const char **result) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
63 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
64 JabberStream *js = ctx; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
65 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
66 if (id != SASL_CB_GETREALM || !result) return SASL_BADPARAM; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
67 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
68 *result = js->user->domain; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
69 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
70 return SASL_OK; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
71 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
72 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
73 static int jabber_sasl_cb_simple(void *ctx, int id, const char **res, unsigned *len) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
74 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
75 JabberStream *js = ctx; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
76 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
77 switch(id) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
78 case SASL_CB_AUTHNAME: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
79 *res = js->user->node; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
80 break; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
81 case SASL_CB_USER: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
82 *res = ""; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
83 break; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
84 default: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
85 return SASL_BADPARAM; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
86 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
87 if (len) *len = strlen((char *)*res); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
88 return SASL_OK; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
89 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
90 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
91 static int jabber_sasl_cb_secret(sasl_conn_t *conn, void *ctx, int id, sasl_secret_t **secret) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
92 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
93 JabberStream *js = ctx; |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
94 PurpleAccount *account; |
|
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
95 const char *pw; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
96 size_t len; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
97 |
| 28700 | 98 account = purple_connection_get_account(js->gc); |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
99 pw = purple_account_get_password(account); |
|
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
100 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
101 if (!conn || !secret || id != SASL_CB_PASS) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
102 return SASL_BADPARAM; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
103 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
104 len = strlen(pw); |
|
30419
9789e8e7d834
jabber: Document this not being an off-by-one...
Paul Aurich <paul@darkrain42.org>
parents:
30252
diff
changeset
|
105 /* Not an off-by-one because sasl_secret_t defines char data[1] */ |
|
30448
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
106 /* TODO: This can probably be moved to glib's allocator */ |
|
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
107 js->sasl_secret = malloc(sizeof(sasl_secret_t) + len); |
|
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
108 if (!js->sasl_secret) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
109 return SASL_NOMEM; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
110 |
|
30448
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
111 js->sasl_secret->len = len; |
|
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
112 strcpy((char*)js->sasl_secret->data, pw); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
113 |
|
30448
a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
Paul Aurich <paul@darkrain42.org>
parents:
30432
diff
changeset
|
114 *secret = js->sasl_secret; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
115 return SASL_OK; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
116 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
117 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
118 static void allow_cyrus_plaintext_auth(PurpleAccount *account) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
119 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
120 PurpleConnection *gc; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
121 JabberStream *js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
122 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
123 gc = purple_account_get_connection(account); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
124 js = purple_connection_get_protocol_data(gc); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
125 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
126 purple_account_set_bool(account, "auth_plain_in_clear", TRUE); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
127 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
128 start_cyrus_wrapper(js); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
129 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
130 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
131 static void auth_pass_cb(PurpleConnection *gc, PurpleRequestFields *fields) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
132 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
133 PurpleAccount *account; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
134 JabberStream *js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
135 const char *entry; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
136 gboolean remember; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
137 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
138 /* The password prompt dialog doesn't get disposed if the account disconnects */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
139 if (!PURPLE_CONNECTION_IS_VALID(gc)) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
140 return; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
141 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
142 account = purple_connection_get_account(gc); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
143 js = purple_connection_get_protocol_data(gc); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
144 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
145 entry = purple_request_fields_get_string(fields, "password"); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
146 remember = purple_request_fields_get_bool(fields, "remember"); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
147 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
148 if (!entry || !*entry) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
149 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
150 purple_notify_error(account, NULL, _("Password is required to sign on."), NULL); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
151 return; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
152 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
153 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
154 if (remember) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
155 purple_account_set_remember_password(account, TRUE); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
156 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
157 purple_account_set_password(account, entry); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
158 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
159 /* Rebuild our callbacks as we now have a password to offer */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
160 jabber_sasl_build_callbacks(js); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
161 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
162 /* Restart our negotiation */ |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
163 start_cyrus_wrapper(js); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
164 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
165 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
166 static void |
|
28701
da2ce5d8d4b4
jabber: A little more use of accessors.
Paul Aurich <paul@darkrain42.org>
parents:
28700
diff
changeset
|
167 auth_no_pass_cb(PurpleConnection *gc, PurpleRequestFields *fields) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
168 { |
|
28701
da2ce5d8d4b4
jabber: A little more use of accessors.
Paul Aurich <paul@darkrain42.org>
parents:
28700
diff
changeset
|
169 PurpleAccount *account; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
170 JabberStream *js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
171 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
172 /* The password prompt dialog doesn't get disposed if the account disconnects */ |
|
28701
da2ce5d8d4b4
jabber: A little more use of accessors.
Paul Aurich <paul@darkrain42.org>
parents:
28700
diff
changeset
|
173 if (!PURPLE_CONNECTION_IS_VALID(gc)) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
174 return; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
175 |
|
28701
da2ce5d8d4b4
jabber: A little more use of accessors.
Paul Aurich <paul@darkrain42.org>
parents:
28700
diff
changeset
|
176 account = purple_connection_get_account(gc); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
177 |
|
30432
1cdae196aac8
Standardize on "cancelled".
Elliott Sales de Andrade <qulogic@pidgin.im>
parents:
30419
diff
changeset
|
178 /* Disable the account as the user has cancelled connecting */ |
|
28701
da2ce5d8d4b4
jabber: A little more use of accessors.
Paul Aurich <paul@darkrain42.org>
parents:
28700
diff
changeset
|
179 purple_account_set_enabled(account, purple_core_get_ui(), FALSE); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
180 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
181 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
182 static JabberSaslState |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
183 jabber_auth_start_cyrus(JabberStream *js, xmlnode **reply, char **error) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
184 { |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
185 PurpleAccount *account; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
186 const char *clientout = NULL; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
187 char *enc_out; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
188 unsigned coutlen = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
189 sasl_security_properties_t secprops; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
190 gboolean again; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
191 gboolean plaintext = TRUE; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
192 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
193 /* Set up security properties and options */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
194 secprops.min_ssf = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
195 secprops.security_flags = SASL_SEC_NOANONYMOUS; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
196 |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
197 account = purple_connection_get_account(js->gc); |
|
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
198 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
199 if (!jabber_stream_is_ssl(js)) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
200 secprops.max_ssf = -1; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
201 secprops.maxbufsize = 4096; |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
202 plaintext = purple_account_get_bool(account, "auth_plain_in_clear", FALSE); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
203 if (!plaintext) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
204 secprops.security_flags |= SASL_SEC_NOPLAINTEXT; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
205 } else { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
206 secprops.max_ssf = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
207 secprops.maxbufsize = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
208 plaintext = TRUE; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
209 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
210 secprops.property_names = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
211 secprops.property_values = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
212 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
213 do { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
214 again = FALSE; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
215 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
216 js->sasl_state = sasl_client_new("xmpp", js->serverFQDN, NULL, NULL, js->sasl_cb, 0, &js->sasl); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
217 if (js->sasl_state==SASL_OK) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
218 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
219 purple_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
220 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &js->current_mech); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
221 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
222 switch (js->sasl_state) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
223 /* Success */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
224 case SASL_OK: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
225 case SASL_CONTINUE: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
226 break; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
227 case SASL_NOMECH: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
228 /* No mechanisms have offered to help */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
229 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
230 /* Firstly, if we don't have a password try |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
231 * to get one |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
232 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
233 |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
234 if (!purple_account_get_password(account)) { |
|
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
235 purple_account_request_password(account, G_CALLBACK(auth_pass_cb), G_CALLBACK(auth_no_pass_cb), js->gc); |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
236 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
237 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
238 /* If we've got a password, but aren't sending |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
239 * it in plaintext, see if we can turn on |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
240 * plaintext auth |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
241 */ |
|
30252
c8cf189bf6db
jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is)
Paul Aurich <paul@darkrain42.org>
parents:
30179
diff
changeset
|
242 /* XXX Should we just check for PLAIN/LOGIN being offered mechanisms? */ |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
243 } else if (!plaintext) { |
|
30252
c8cf189bf6db
jabber: This is more accurate, I think (e.g. Cyrus doesn't know what SCRAM-SHA-1 is)
Paul Aurich <paul@darkrain42.org>
parents:
30179
diff
changeset
|
244 char *msg = g_strdup_printf(_("%s may require plaintext authentication over an unencrypted connection. Allow this and continue authentication?"), |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
245 purple_account_get_username(account)); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
246 purple_request_yes_no(js->gc, _("Plaintext Authentication"), |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
247 _("Plaintext Authentication"), |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
248 msg, |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
249 1, account, NULL, NULL, account, |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
250 allow_cyrus_plaintext_auth, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
251 disallow_plaintext_auth); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
252 g_free(msg); |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
253 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
254 |
|
29965
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
255 } else |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
256 js->auth_fail_count++; |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
257 |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
258 if (js->auth_fail_count == 1 && |
|
30178
e9d540664ea3
jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents:
30177
diff
changeset
|
259 (js->sasl_mechs->str && g_str_equal(js->sasl_mechs->str, "GSSAPI"))) { |
|
29965
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
260 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
261 * for compatibility with iChat 10.5 Server and other jabberd based servers. |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
262 * |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
263 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
264 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails. |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
265 * |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
266 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However, |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
267 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms. |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
268 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
269 * which would connect without issue otherwise. -evands |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
270 */ |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
271 js->auth_mech = NULL; |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
272 jabber_auth_start_old(js); |
|
30009
1b1fee952341
jabber: trailing_whitespace--;
Paul Aurich <paul@darkrain42.org>
parents:
29991
diff
changeset
|
273 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
274 } |
|
29872
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
275 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
276 break; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
277 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
278 /* Fatal errors. Give up and go home */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
279 case SASL_BADPARAM: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
280 case SASL_NOMEM: |
|
29873
a81d44a11d99
If SASL authentication fails, we generally shouldn't be setting an error
Evan Schoenberg <evan.s@dreskin.net>
parents:
29872
diff
changeset
|
281 *error = g_strdup(_("SASL authentication failed")); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
282 break; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
283 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
284 /* For everything else, fail the mechanism and try again */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
285 default: |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
286 purple_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
287 |
|
29965
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
288 js->auth_fail_count++; |
|
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
289 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
290 /* |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
291 * DAA: is this right? |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
292 * The manpage says that "mech" will contain the chosen mechanism on success. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
293 * Presumably, if we get here that isn't the case and we shouldn't try again? |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
294 * I suspect that this never happens. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
295 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
296 /* |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
297 * SXW: Yes, this is right. What this handles is the situation where a |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
298 * mechanism, say GSSAPI, is tried. If that mechanism fails, it may be |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
299 * due to mechanism specific issues, so we want to try one of the other |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
300 * supported mechanisms. This code handles that case |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
301 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
302 if (js->current_mech && *js->current_mech) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
303 char *pos; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
304 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
305 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech)); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
306 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
307 /* Remove space which separated this mech from the next */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
308 if ((js->sasl_mechs->str)[0] == ' ') { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
309 g_string_erase(js->sasl_mechs, 0, 1); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
310 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
311 again = TRUE; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
312 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
313 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
314 sasl_dispose(&js->sasl); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
315 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
316 } while (again); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
317 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
318 if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) { |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
319 xmlnode *auth = xmlnode_new("auth"); |
|
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28702
diff
changeset
|
320 xmlnode_set_namespace(auth, NS_XMPP_SASL); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
321 xmlnode_set_attrib(auth, "mechanism", js->current_mech); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
322 |
|
30564
3f5ff1ea4802
jabber: Partial revert (everything but ChangeLog) of 945ef5abc5
Paul Aurich <paul@darkrain42.org>
parents:
30448
diff
changeset
|
323 xmlnode_set_attrib(auth, "xmlns:ga", "http://www.google.com/talk/protocol/auth"); |
|
3f5ff1ea4802
jabber: Partial revert (everything but ChangeLog) of 945ef5abc5
Paul Aurich <paul@darkrain42.org>
parents:
30448
diff
changeset
|
324 xmlnode_set_attrib(auth, "ga:client-uses-full-bind-result", "true"); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
325 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
326 if (clientout) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
327 if (coutlen == 0) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
328 xmlnode_insert_data(auth, "=", -1); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
329 } else { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
330 enc_out = purple_base64_encode((unsigned char*)clientout, coutlen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
331 xmlnode_insert_data(auth, enc_out, -1); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
332 g_free(enc_out); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
333 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
334 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
335 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
336 *reply = auth; |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
337 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
338 } else { |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
339 return JABBER_SASL_STATE_FAIL; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
340 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
341 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
342 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
343 static int |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
344 jabber_sasl_cb_log(void *context, int level, const char *message) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
345 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
346 if(level <= SASL_LOG_TRACE) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
347 purple_debug_info("sasl", "%s\n", message); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
348 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
349 return SASL_OK; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
350 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
351 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
352 static void |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
353 jabber_sasl_build_callbacks(JabberStream *js) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
354 { |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
355 PurpleAccount *account; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
356 int id; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
357 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
358 /* Set up our callbacks structure */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
359 if (js->sasl_cb == NULL) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
360 js->sasl_cb = g_new0(sasl_callback_t,6); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
361 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
362 id = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
363 js->sasl_cb[id].id = SASL_CB_GETREALM; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
364 js->sasl_cb[id].proc = jabber_sasl_cb_realm; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
365 js->sasl_cb[id].context = (void *)js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
366 id++; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
367 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
368 js->sasl_cb[id].id = SASL_CB_AUTHNAME; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
369 js->sasl_cb[id].proc = jabber_sasl_cb_simple; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
370 js->sasl_cb[id].context = (void *)js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
371 id++; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
372 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
373 js->sasl_cb[id].id = SASL_CB_USER; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
374 js->sasl_cb[id].proc = jabber_sasl_cb_simple; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
375 js->sasl_cb[id].context = (void *)js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
376 id++; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
377 |
|
28697
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
378 account = purple_connection_get_account(js->gc); |
|
de8565bc63fe
jabber: Use accessors instead of directly accessing gc->account (and similar)
Paul Aurich <paul@darkrain42.org>
parents:
28696
diff
changeset
|
379 if (purple_account_get_password(account) != NULL ) { |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
380 js->sasl_cb[id].id = SASL_CB_PASS; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
381 js->sasl_cb[id].proc = jabber_sasl_cb_secret; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
382 js->sasl_cb[id].context = (void *)js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
383 id++; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
384 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
385 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
386 js->sasl_cb[id].id = SASL_CB_LOG; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
387 js->sasl_cb[id].proc = jabber_sasl_cb_log; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
388 js->sasl_cb[id].context = (void*)js; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
389 id++; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
390 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
391 js->sasl_cb[id].id = SASL_CB_LIST_END; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
392 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
393 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
394 static JabberSaslState |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
395 jabber_cyrus_start(JabberStream *js, xmlnode *mechanisms, |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
396 xmlnode **reply, char **error) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
397 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
398 xmlnode *mechnode; |
|
29990
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
399 JabberSaslState ret; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
400 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
401 js->sasl_mechs = g_string_new(""); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
402 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
403 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
404 mechnode = xmlnode_get_next_twin(mechnode)) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
405 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
406 char *mech_name = xmlnode_get_data(mechnode); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
407 |
|
30179
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
408 /* Ignore blank mechanisms and EXTERNAL. External isn't |
|
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
409 * supported, and Cyrus SASL's mechanism returns |
|
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
410 * SASL_NOMECH when the caller (us) doesn't configure it. |
|
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
411 * Except SASL_NOMECH is supposed to mean "no concordant |
|
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
412 * mechanisms"... Easiest just to blacklist it (for now). |
|
40a8aae4b276
jabber: Document the other cyrus hack (ignoring EXTERNAL)
Paul Aurich <paul@darkrain42.org>
parents:
30178
diff
changeset
|
413 */ |
|
30010
1518b6b70556
jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised.
Paul Aurich <paul@darkrain42.org>
parents:
30009
diff
changeset
|
414 if (!mech_name || !*mech_name || |
|
1518b6b70556
jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised.
Paul Aurich <paul@darkrain42.org>
parents:
30009
diff
changeset
|
415 g_str_equal(mech_name, "EXTERNAL")) { |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
416 g_free(mech_name); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
417 continue; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
418 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
419 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
420 g_string_append(js->sasl_mechs, mech_name); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
421 g_string_append_c(js->sasl_mechs, ' '); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
422 g_free(mech_name); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
423 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
424 |
|
30178
e9d540664ea3
jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents:
30177
diff
changeset
|
425 /* Strip off the trailing ' ' */ |
|
e9d540664ea3
jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents:
30177
diff
changeset
|
426 if (js->sasl_mechs->len > 1) |
|
e9d540664ea3
jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents:
30177
diff
changeset
|
427 g_string_truncate(js->sasl_mechs, js->sasl_mechs->len - 1); |
|
e9d540664ea3
jabber: Make that more future-proof by never generating "GSSAPI "
Paul Aurich <paul@darkrain42.org>
parents:
30177
diff
changeset
|
428 |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
429 jabber_sasl_build_callbacks(js); |
|
29990
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
430 ret = jabber_auth_start_cyrus(js, reply, error); |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
431 |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
432 /* |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
433 * Triggered if no overlap between server and client |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
434 * supported mechanisms. |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
435 */ |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
436 if (ret == JABBER_SASL_STATE_FAIL && *error == NULL) |
|
29991
b78b5e7ffe82
jabber: Found a better string in auth.c
Paul Aurich <paul@darkrain42.org>
parents:
29990
diff
changeset
|
437 *error = g_strdup(_("Server does not use any supported authentication method")); |
|
29990
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
438 |
|
1e959e5cb237
jabber: Better error message when no concordant SASL mechs
Paul Aurich <paul@darkrain42.org>
parents:
29965
diff
changeset
|
439 return ret; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
440 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
441 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
442 static JabberSaslState |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
443 jabber_cyrus_handle_challenge(JabberStream *js, xmlnode *packet, |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
444 xmlnode **reply, char **error) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
445 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
446 char *enc_in = xmlnode_get_data(packet); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
447 unsigned char *dec_in; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
448 char *enc_out; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
449 const char *c_out; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
450 unsigned int clen; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
451 gsize declen; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
452 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
453 dec_in = purple_base64_decode(enc_in, &declen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
454 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
455 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
456 NULL, &c_out, &clen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
457 g_free(enc_in); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
458 g_free(dec_in); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
459 if (js->sasl_state != SASL_CONTINUE && js->sasl_state != SASL_OK) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
460 gchar *tmp = g_strdup_printf(_("SASL error: %s"), |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
461 sasl_errdetail(js->sasl)); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
462 purple_debug_error("jabber", "Error is %d : %s\n", |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
463 js->sasl_state, sasl_errdetail(js->sasl)); |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
464 *error = tmp; |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
465 return JABBER_SASL_STATE_FAIL; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
466 } else { |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
467 xmlnode *response = xmlnode_new("response"); |
|
28715
cea22db36ffc
jabber: Use NS_XMPP_SASL
Paul Aurich <paul@darkrain42.org>
parents:
28702
diff
changeset
|
468 xmlnode_set_namespace(response, NS_XMPP_SASL); |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
469 if (clen > 0) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
470 /* Cyrus SASL 2.1.22 appears to contain code to add the charset |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
471 * to the response for DIGEST-MD5 but there is no possibility |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
472 * it will be executed. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
473 * |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
474 * My reading of the digestmd5 plugin indicates the username and |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
475 * realm are always encoded in UTF-8 (they seem to be the values |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
476 * we pass in), so we need to ensure charset=utf-8 is set. |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
477 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
478 if (!purple_strequal(js->current_mech, "DIGEST-MD5") || |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
479 strstr(c_out, ",charset=")) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
480 /* If we're not using DIGEST-MD5 or Cyrus SASL is fixed */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
481 enc_out = purple_base64_encode((unsigned char*)c_out, clen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
482 else { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
483 char *tmp = g_strdup_printf("%s,charset=utf-8", c_out); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
484 enc_out = purple_base64_encode((unsigned char*)tmp, clen + 14); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
485 g_free(tmp); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
486 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
487 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
488 xmlnode_insert_data(response, enc_out, -1); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
489 g_free(enc_out); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
490 } |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
491 |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
492 *reply = response; |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
493 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
494 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
495 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
496 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
497 static JabberSaslState |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
498 jabber_cyrus_handle_success(JabberStream *js, xmlnode *packet, |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
499 char **error) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
500 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
501 const void *x; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
502 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
503 /* The SASL docs say that if the client hasn't returned OK yet, we |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
504 * should try one more round against it |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
505 */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
506 if (js->sasl_state != SASL_OK) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
507 char *enc_in = xmlnode_get_data(packet); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
508 unsigned char *dec_in = NULL; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
509 const char *c_out; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
510 unsigned int clen; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
511 gsize declen = 0; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
512 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
513 if(enc_in != NULL) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
514 dec_in = purple_base64_decode(enc_in, &declen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
515 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
516 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen, NULL, &c_out, &clen); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
517 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
518 g_free(enc_in); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
519 g_free(dec_in); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
520 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
521 if (js->sasl_state != SASL_OK) { |
|
31148
84e9eb0ae4d5
jabber: Un-assert-ify one failure case in the Cyrus code.
Paul Aurich <paul@darkrain42.org>
parents:
30564
diff
changeset
|
522 /* This happens when the server sends back jibberish |
|
84e9eb0ae4d5
jabber: Un-assert-ify one failure case in the Cyrus code.
Paul Aurich <paul@darkrain42.org>
parents:
30564
diff
changeset
|
523 * in the "additional data with success" case. |
|
84e9eb0ae4d5
jabber: Un-assert-ify one failure case in the Cyrus code.
Paul Aurich <paul@darkrain42.org>
parents:
30564
diff
changeset
|
524 * Seen with Wildfire 3.0.1. |
|
84e9eb0ae4d5
jabber: Un-assert-ify one failure case in the Cyrus code.
Paul Aurich <paul@darkrain42.org>
parents:
30564
diff
changeset
|
525 */ |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
526 *error = g_strdup(_("Invalid response from server")); |
|
31148
84e9eb0ae4d5
jabber: Un-assert-ify one failure case in the Cyrus code.
Paul Aurich <paul@darkrain42.org>
parents:
30564
diff
changeset
|
527 return JABBER_SASL_STATE_FAIL; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
528 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
529 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
530 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
531 /* If we've negotiated a security layer, we need to enable it */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
532 if (js->sasl) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
533 sasl_getprop(js->sasl, SASL_SSF, &x); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
534 if (*(int *)x > 0) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
535 sasl_getprop(js->sasl, SASL_MAXOUTBUF, &x); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
536 js->sasl_maxbuf = *(int *)x; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
537 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
538 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
539 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
540 return JABBER_SASL_STATE_OK; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
541 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
542 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
543 static JabberSaslState |
|
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
544 jabber_cyrus_handle_failure(JabberStream *js, xmlnode *packet, |
|
28754
b94fd073187c
jabber: Fix that leak I mentioned (and fix a mistake where error/response weren't NULL-initialized)
Paul Aurich <paul@darkrain42.org>
parents:
28753
diff
changeset
|
545 xmlnode **reply, char **error) |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
546 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
547 if (js->auth_fail_count++ < 5) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
548 if (js->current_mech && *js->current_mech) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
549 char *pos; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
550 if ((pos = strstr(js->sasl_mechs->str, js->current_mech))) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
551 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(js->current_mech)); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
552 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
553 /* Remove space which separated this mech from the next */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
554 if ((js->sasl_mechs->str)[0] == ' ') { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
555 g_string_erase(js->sasl_mechs, 0, 1); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
556 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
557 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
558 if (*js->sasl_mechs->str) { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
559 /* If we have remaining mechs to try, do so */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
560 sasl_dispose(&js->sasl); |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
561 |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
562 return jabber_auth_start_cyrus(js, reply, error); |
|
29872
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
563 |
|
30010
1518b6b70556
jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised.
Paul Aurich <paul@darkrain42.org>
parents:
30009
diff
changeset
|
564 } else if ((js->auth_fail_count == 1) && |
|
29872
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
565 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
566 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth |
|
29965
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
567 * for compatibility with iChat 10.5 Server and other jabberd based servers. |
|
29872
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
568 * |
|
29965
6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
Evan Schoenberg <evan.s@dreskin.net>
parents:
29877
diff
changeset
|
569 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often |
|
29872
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
570 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails. |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
571 * |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
572 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However, |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
573 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms. |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
574 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
575 * which would connect without issue otherwise. -evands |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
576 */ |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
577 sasl_dispose(&js->sasl); |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
578 js->sasl = NULL; |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
579 js->auth_mech = NULL; |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
580 jabber_auth_start_old(js); |
|
a044ddee7878
Improve on a hack I commited in 12/2007 which allows connection via XMPP to iChat Server 10.5 when CYRUS-SASL is compiled with GSSAPI support but no GSSAPI credentials are valid to connect to the server. Instead of always trying jabber:iq:auth if all SASL mechs fail, we now only do so in the specific case of a single mech having been attempted and that mech being GSSAPI. In general, this means that we now gracefully fail authentication with SASL rather than getting ourselves booted from servers not expecting a jabber:iq:auth stanza.
Evan Schoenberg <evan.s@dreskin.net>
parents:
29856
diff
changeset
|
581 return JABBER_SASL_STATE_CONTINUE; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
582 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
583 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
584 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
585 /* Nothing to send */ |
|
28753
8a5252630857
jabber: Fix up the cyrus auth code (although there's a leak currently)
Paul Aurich <paul@darkrain42.org>
parents:
28715
diff
changeset
|
586 return JABBER_SASL_STATE_FAIL; |
|
28696
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
587 } |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
588 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
589 static JabberSaslMech cyrus_mech = { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
590 100, /* priority */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
591 "*", /* name; Cyrus provides a bunch of mechanisms, so use an invalid |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
592 * mechanism name (per rfc4422 3.1). */ |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
593 jabber_cyrus_start, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
594 jabber_cyrus_handle_challenge, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
595 jabber_cyrus_handle_success, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
596 jabber_cyrus_handle_failure, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
597 NULL, |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
598 }; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
599 |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
600 JabberSaslMech *jabber_auth_get_cyrus_mech(void) |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
601 { |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
602 return &cyrus_mech; |
|
8ada06fb65ed
jabber: Factor the SASL auth methods into their own files.
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
603 } |