Mercurial > pidgin

comparison libgaim/protocols/jabber/auth.c @ 14192:60b1bc8dbf37

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 16863] Renamed 'core' to 'libgaim' committer: Tailor Script <tailor@pidgin.im>
author Evan Schoenberg <evan.s@dreskin.net>
date Sat, 19 Aug 2006 01:50:10 +0000
parents
children e2798f3d3a45
comparison
equal deleted inserted replaced
14191:009db0b357b5 14192:60b1bc8dbf37
1 /*
2 * gaim - Jabber Protocol Plugin
3 *
4 * Copyright (C) 2003, Nathan Walp <faceprint@faceprint.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21 #include "internal.h"
22
23 #include "jutil.h"
24 #include "auth.h"
25 #include "xmlnode.h"
26 #include "jabber.h"
27 #include "iq.h"
28
29 #include "debug.h"
30 #include "util.h"
31 #include "cipher.h"
32 #include "sslconn.h"
33 #include "request.h"
34
35 static void auth_old_result_cb(JabberStream *js, xmlnode *packet,
36 gpointer data);
37
38 gboolean
39 jabber_process_starttls(JabberStream *js, xmlnode *packet)
40 {
41 xmlnode *starttls;
42
43 if((starttls = xmlnode_get_child(packet, "starttls"))) {
44 if(gaim_account_get_bool(js->gc->account, "use_tls", TRUE) &&
45 gaim_ssl_is_supported()) {
46 jabber_send_raw(js,
47 "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1);
48 return TRUE;
49 } else if(xmlnode_get_child(starttls, "required")) {
50 if(gaim_ssl_is_supported()) {
51 gaim_connection_error(js->gc, _("Server requires TLS/SSL for login. Select \"Use TLS if available\" in account properties"));
52 } else {
53 gaim_connection_error(js->gc, _("Server requires TLS/SSL for login. No TLS/SSL support found."));
54 }
55 return TRUE;
56 }
57 }
58
59 return FALSE;
60 }
61
62 static void finish_plaintext_authentication(JabberStream *js)
63 {
64 if(js->auth_type == JABBER_AUTH_PLAIN) {
65 xmlnode *auth;
66 GString *response;
67 gchar *enc_out;
68
69 auth = xmlnode_new("auth");
70 xmlnode_set_namespace(auth, "urn:ietf:params:xml:ns:xmpp-sasl");
71
72 response = g_string_new("");
73 response = g_string_append_len(response, "\0", 1);
74 response = g_string_append(response, js->user->node);
75 response = g_string_append_len(response, "\0", 1);
76 response = g_string_append(response,
77 gaim_connection_get_password(js->gc));
78
79 enc_out = gaim_base64_encode((guchar *)response->str, response->len);
80
81 xmlnode_set_attrib(auth, "mechanism", "PLAIN");
82 xmlnode_insert_data(auth, enc_out, -1);
83 g_free(enc_out);
84 g_string_free(response, TRUE);
85
86 jabber_send(js, auth);
87 xmlnode_free(auth);
88 } else if(js->auth_type == JABBER_AUTH_IQ_AUTH) {
89 JabberIq *iq;
90 xmlnode *query, *x;
91
92 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
93 query = xmlnode_get_child(iq->node, "query");
94 x = xmlnode_new_child(query, "username");
95 xmlnode_insert_data(x, js->user->node, -1);
96 x = xmlnode_new_child(query, "resource");
97 xmlnode_insert_data(x, js->user->resource, -1);
98 x = xmlnode_new_child(query, "password");
99 xmlnode_insert_data(x, gaim_connection_get_password(js->gc), -1);
100 jabber_iq_set_callback(iq, auth_old_result_cb, NULL);
101 jabber_iq_send(iq);
102 }
103 }
104
105 static void allow_plaintext_auth(GaimAccount *account)
106 {
107 gaim_account_set_bool(account, "auth_plain_in_clear", TRUE);
108
109 finish_plaintext_authentication(account->gc->proto_data);
110 }
111
112 static void disallow_plaintext_auth(GaimAccount *account)
113 {
114 gaim_connection_error(account->gc, _("Server requires plaintext authentication over an unencrypted stream"));
115 }
116
117 #ifdef HAVE_CYRUS_SASL
118
119 static void jabber_auth_start_cyrus(JabberStream *);
120
121 /* Callbacks for Cyrus SASL */
122
123 static int jabber_sasl_cb_realm(void *ctx, int id, const char **avail, const char **result)
124 {
125 JabberStream *js = (JabberStream *)ctx;
126
127 if (id != SASL_CB_GETREALM || !result) return SASL_BADPARAM;
128
129 *result = js->user->domain;
130
131 return SASL_OK;
132 }
133
134 static int jabber_sasl_cb_simple(void *ctx, int id, const char **res, unsigned *len)
135 {
136 JabberStream *js = (JabberStream *)ctx;
137
138 switch(id) {
139 case SASL_CB_AUTHNAME:
140 *res = js->user->node;
141 break;
142 case SASL_CB_USER:
143 *res = "";
144 break;
145 default:
146 return SASL_BADPARAM;
147 }
148 if (len) *len = strlen((char *)*res);
149 return SASL_OK;
150 }
151
152 static int jabber_sasl_cb_secret(sasl_conn_t *conn, void *ctx, int id, sasl_secret_t **secret)
153 {
154 JabberStream *js = (JabberStream *)ctx;
155 const char *pw = gaim_account_get_password(js->gc->account);
156 size_t len;
157 static sasl_secret_t *x = NULL;
158
159 if (!conn || !secret || id != SASL_CB_PASS)
160 return SASL_BADPARAM;
161
162 len = strlen(pw);
163 x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);
164
165 if (!x)
166 return SASL_NOMEM;
167
168 x->len = len;
169 strcpy((char*)x->data, pw);
170
171 *secret = x;
172 return SASL_OK;
173 }
174
175 static void allow_cyrus_plaintext_auth(GaimAccount *account)
176 {
177 gaim_account_set_bool(account, "auth_plain_in_clear", TRUE);
178
179 jabber_auth_start_cyrus(account->gc->proto_data);
180 }
181
182 static void jabber_auth_start_cyrus(JabberStream *js)
183 {
184 const char *clientout = NULL, *mech = NULL;
185 char *enc_out;
186 unsigned coutlen = 0;
187 xmlnode *auth;
188 sasl_security_properties_t secprops;
189 gboolean again;
190 gboolean plaintext = TRUE;
191
192 /* Set up security properties and options */
193 secprops.min_ssf = 0;
194 secprops.security_flags = SASL_SEC_NOANONYMOUS;
195
196 if (!js->gsc) {
197 secprops.max_ssf = -1;
198 secprops.maxbufsize = 4096;
199 plaintext = gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE);
200 if (!plaintext)
201 secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
202 } else {
203 secprops.max_ssf = 0;
204 secprops.maxbufsize = 0;
205 plaintext = TRUE;
206 }
207 secprops.property_names = 0;
208 secprops.property_values = 0;
209
210 do {
211 again = FALSE;
212 /* Use the user's domain for compatibility with the old
213 * DIGESTMD5 code. Note that this may cause problems where
214 * the user's domain doesn't match the FQDN of the jabber
215 * service
216 */
217
218 js->sasl_state = sasl_client_new("xmpp", js->user->domain, NULL, NULL, js->sasl_cb, 0, &js->sasl);
219 if (js->sasl_state==SASL_OK) {
220 sasl_setprop(js->sasl, SASL_SEC_PROPS, &secprops);
221 gaim_debug_info("sasl", "Mechs found: %s\n", js->sasl_mechs->str);
222 js->sasl_state = sasl_client_start(js->sasl, js->sasl_mechs->str, NULL, &clientout, &coutlen, &mech);
223 }
224 switch (js->sasl_state) {
225 /* Success */
226 case SASL_OK:
227 case SASL_CONTINUE:
228 break;
229 case SASL_NOMECH:
230 /* No mechanisms do what we want. See if we can add
231 * plaintext ones to the list. */
232
233 if (!gaim_account_get_password(js->gc->account)) {
234 gaim_connection_error(js->gc, _("Server couldn't authenticate you without a password"));
235 return;
236 } else if (!plaintext) {
237 gaim_request_yes_no(js->gc, _("Plaintext Authentication"),
238 _("Plaintext Authentication"),
239 _("This server requires plaintext authentication over an unencrypted connection. Allow this and continue authentication?"),
240 2, js->gc->account,
241 allow_cyrus_plaintext_auth,
242 disallow_plaintext_auth);
243 return;
244 } else {
245 gaim_connection_error(js->gc, _("Server does not use any supported authentication method"));
246 return;
247 }
248 /* not reached */
249 break;
250
251 /* Fatal errors. Give up and go home */
252 case SASL_BADPARAM:
253 case SASL_NOMEM:
254 break;
255
256 /* For everything else, fail the mechanism and try again */
257 default:
258 gaim_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
259
260 /*
261 * DAA: is this right?
262 * The manpage says that "mech" will contain the chosen mechanism on success.
263 * Presumably, if we get here that isn't the case and we shouldn't try again?
264 * I suspect that this never happens.
265 */
266 if (mech && strlen(mech) > 0) {
267 char *pos;
268 if ((pos = strstr(js->sasl_mechs->str, mech))) {
269 g_string_erase(js->sasl_mechs, pos-js->sasl_mechs->str, strlen(mech));
270 }
271 again = TRUE;
272 }
273
274 sasl_dispose(&js->sasl);
275 }
276 } while (again);
277
278 if (js->sasl_state == SASL_CONTINUE || js->sasl_state == SASL_OK) {
279 auth = xmlnode_new("auth");
280 xmlnode_set_namespace(auth, "urn:ietf:params:xml:ns:xmpp-sasl");
281 xmlnode_set_attrib(auth, "mechanism", mech);
282 if (clientout) {
283 if (coutlen == 0) {
284 xmlnode_insert_data(auth, "=", -1);
285 } else {
286 enc_out = gaim_base64_encode((unsigned char*)clientout, coutlen);
287 xmlnode_insert_data(auth, enc_out, -1);
288 g_free(enc_out);
289 }
290 }
291 jabber_send(js, auth);
292 xmlnode_free(auth);
293 } else {
294 gaim_connection_error(js->gc, "SASL authentication failed\n");
295 }
296 }
297
298 static int
299 jabber_sasl_cb_log(void *context, int level, const char *message)
300 {
301 if(level <= SASL_LOG_TRACE)
302 gaim_debug_info("sasl", "%s\n", message);
303
304 return SASL_OK;
305 }
306
307 #endif
308
309 void
310 jabber_auth_start(JabberStream *js, xmlnode *packet)
311 {
312 #ifdef HAVE_CYRUS_SASL
313 int id;
314 #else
315 gboolean digest_md5 = FALSE, plain=FALSE;
316 #endif
317
318 xmlnode *mechs, *mechnode;
319
320
321 if(js->registration) {
322 jabber_register_start(js);
323 return;
324 }
325
326 mechs = xmlnode_get_child(packet, "mechanisms");
327
328 if(!mechs) {
329 gaim_connection_error(js->gc, _("Invalid response from server."));
330 return;
331 }
332
333 #ifdef HAVE_CYRUS_SASL
334 js->sasl_mechs = g_string_new("");
335 #endif
336
337 for(mechnode = xmlnode_get_child(mechs, "mechanism"); mechnode;
338 mechnode = xmlnode_get_next_twin(mechnode))
339 {
340 char *mech_name = xmlnode_get_data(mechnode);
341 #ifdef HAVE_CYRUS_SASL
342 g_string_append(js->sasl_mechs, mech_name);
343 g_string_append_c(js->sasl_mechs, ' ');
344 #else
345 if(mech_name && !strcmp(mech_name, "DIGEST-MD5"))
346 digest_md5 = TRUE;
347 else if(mech_name && !strcmp(mech_name, "PLAIN"))
348 plain = TRUE;
349 #endif
350 g_free(mech_name);
351 }
352
353 #ifdef HAVE_CYRUS_SASL
354 js->auth_type = JABBER_AUTH_CYRUS;
355
356 /* Set up our callbacks structure */
357 js->sasl_cb = g_new0(sasl_callback_t,6);
358
359 id = 0;
360 js->sasl_cb[id].id = SASL_CB_GETREALM;
361 js->sasl_cb[id].proc = jabber_sasl_cb_realm;
362 js->sasl_cb[id].context = (void *)js;
363 id++;
364
365 js->sasl_cb[id].id = SASL_CB_AUTHNAME;
366 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
367 js->sasl_cb[id].context = (void *)js;
368 id++;
369
370 js->sasl_cb[id].id = SASL_CB_USER;
371 js->sasl_cb[id].proc = jabber_sasl_cb_simple;
372 js->sasl_cb[id].context = (void *)js;
373 id++;
374
375 if (gaim_account_get_password(js->gc->account)) {
376 js->sasl_cb[id].id = SASL_CB_PASS;
377 js->sasl_cb[id].proc = jabber_sasl_cb_secret;
378 js->sasl_cb[id].context = (void *)js;
379 id++;
380 }
381
382 js->sasl_cb[id].id = SASL_CB_LOG;
383 js->sasl_cb[id].proc = jabber_sasl_cb_log;
384 js->sasl_cb[id].context = (void*)js;
385 id++;
386
387 js->sasl_cb[id].id = SASL_CB_LIST_END;
388
389 jabber_auth_start_cyrus(js);
390 #else
391
392 if(digest_md5) {
393 xmlnode *auth;
394
395 js->auth_type = JABBER_AUTH_DIGEST_MD5;
396 auth = xmlnode_new("auth");
397 xmlnode_set_namespace(auth, "urn:ietf:params:xml:ns:xmpp-sasl");
398 xmlnode_set_attrib(auth, "mechanism", "DIGEST-MD5");
399
400 jabber_send(js, auth);
401 xmlnode_free(auth);
402 } else if(plain) {
403 js->auth_type = JABBER_AUTH_PLAIN;
404
405 if(js->gsc == NULL && !gaim_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE)) {
406 gaim_request_yes_no(js->gc, _("Plaintext Authentication"),
407 _("Plaintext Authentication"),
408 _("This server requires plaintext authentication over an unencrypted connection. Allow this and continue authentication?"),
409 2, js->gc->account, allow_plaintext_auth,
410 disallow_plaintext_auth);
411 return;
412 }
413 finish_plaintext_authentication(js);
414 } else {
415 gaim_connection_error(js->gc,
416 _("Server does not use any supported authentication method"));
417 }
418 #endif
419 }
420
421 static void auth_old_result_cb(JabberStream *js, xmlnode *packet, gpointer data)
422 {
423 const char *type = xmlnode_get_attrib(packet, "type");
424
425 if(type && !strcmp(type, "result")) {
426 jabber_stream_set_state(js, JABBER_STREAM_CONNECTED);
427 } else {
428 char *msg = jabber_parse_error(js, packet);
429 xmlnode *error;
430 const char *err_code;
431
432 if((error = xmlnode_get_child(packet, "error")) &&
433 (err_code = xmlnode_get_attrib(error, "code")) &&
434 !strcmp(err_code, "401")) {
435 js->gc->wants_to_die = TRUE;
436 }
437
438 gaim_connection_error(js->gc, msg);
439 g_free(msg);
440 }
441 }
442
443 static void auth_old_cb(JabberStream *js, xmlnode *packet, gpointer data)
444 {
445 JabberIq *iq;
446 xmlnode *query, *x;
447 const char *type = xmlnode_get_attrib(packet, "type");
448 const char *pw = gaim_connection_get_password(js->gc);
449
450 if(!type) {
451 gaim_connection_error(js->gc, _("Invalid response from server."));
452 return;
453 } else if(!strcmp(type, "error")) {
454 char *msg = jabber_parse_error(js, packet);
455 gaim_connection_error(js->gc, msg);
456 g_free(msg);
457 } else if(!strcmp(type, "result")) {
458 query = xmlnode_get_child(packet, "query");
459 if(js->stream_id && xmlnode_get_child(query, "digest")) {
460 unsigned char hashval[20];
461 char *s, h[41], *p;
462 int i;
463
464 iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
465 query = xmlnode_get_child(iq->node, "query");
466 x = xmlnode_new_child(query, "username");
467 xmlnode_insert_data(x, js->user->node, -1);
468 x = xmlnode_new_child(query, "resource");
469 xmlnode_insert_data(x, js->user->resource, -1);
470
471 x = xmlnode_new_child(query, "digest");
472 s = g_strdup_printf("%s%s", js->stream_id, pw);
473
474 gaim_cipher_digest_region("sha1", (guchar *)s, strlen(s),
475 sizeof(hashval), hashval, NULL);
476
477 p = h;
478 for(i=0; i<20; i++, p+=2)
479 snprintf(p, 3, "%02x", hashval[i]);
480 xmlnode_insert_data(x, h, -1);
481 g_free(s);
482 jabber_iq_set_callback(iq, auth_old_result_cb, NULL);
483 jabber_iq_send(iq);
484
485 } else if(xmlnode_get_child(query, "password")) {
486 if(js->gsc == NULL && !gaim_account_get_bool(js->gc->account,
487 "auth_plain_in_clear", FALSE)) {
488 gaim_request_yes_no(js->gc, _("Plaintext Authentication"),
489 _("Plaintext Authentication"),
490 _("This server requires plaintext authentication over an unencrypted connection. Allow this and continue authentication?"),
491 2, js->gc->account, allow_plaintext_auth,
492 disallow_plaintext_auth);
493 return;
494 }
495 finish_plaintext_authentication(js);
496 } else {
497 gaim_connection_error(js->gc,
498 _("Server does not use any supported authentication method"));
499 return;
500 }
501 }
502 }
503
504 void jabber_auth_start_old(JabberStream *js)
505 {
506 JabberIq *iq;
507 xmlnode *query, *username;
508
509 iq = jabber_iq_new_query(js, JABBER_IQ_GET, "jabber:iq:auth");
510
511 query = xmlnode_get_child(iq->node, "query");
512 username = xmlnode_new_child(query, "username");
513 xmlnode_insert_data(username, js->user->node, -1);
514
515 jabber_iq_set_callback(iq, auth_old_cb, NULL);
516
517 jabber_iq_send(iq);
518 }
519
520 static GHashTable* parse_challenge(const char *challenge)
521 {
522 GHashTable *ret = g_hash_table_new_full(g_str_hash, g_str_equal,
523 g_free, g_free);
524 char **pairs;
525 int i;
526
527 pairs = g_strsplit(challenge, ",", -1);
528
529 for(i=0; pairs[i]; i++) {
530 char **keyval = g_strsplit(pairs[i], "=", 2);
531 if(keyval[0] && keyval[1]) {
532 if(keyval[1][0] == '"' && keyval[1][strlen(keyval[1])-1] == '"')
533 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strndup(keyval[1]+1, strlen(keyval[1])-2));
534 else
535 g_hash_table_replace(ret, g_strdup(keyval[0]), g_strdup(keyval[1]));
536 }
537 g_strfreev(keyval);
538 }
539
540 g_strfreev(pairs);
541
542 return ret;
543 }
544
545 static char *
546 generate_response_value(JabberID *jid, const char *passwd, const char *nonce,
547 const char *cnonce, const char *a2, const char *realm)
548 {
549 GaimCipher *cipher;
550 GaimCipherContext *context;
551 guchar result[16];
552 size_t a1len;
553
554 gchar *a1, *convnode=NULL, *convpasswd = NULL, *ha1, *ha2, *kd, *x, *z;
555
556 if((convnode = g_convert(jid->node, strlen(jid->node), "iso-8859-1", "utf-8",
557 NULL, NULL, NULL)) == NULL) {
558 convnode = g_strdup(jid->node);
559 }
560 if(passwd && ((convpasswd = g_convert(passwd, strlen(passwd), "iso-8859-1",
561 "utf-8", NULL, NULL, NULL)) == NULL)) {
562 convpasswd = g_strdup(passwd);
563 }
564
565 cipher = gaim_ciphers_find_cipher("md5");
566 context = gaim_cipher_context_new(cipher, NULL);
567
568 x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd ? convpasswd : "");
569 gaim_cipher_context_append(context, (const guchar *)x, strlen(x));
570 gaim_cipher_context_digest(context, sizeof(result), result, NULL);
571
572 a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce);
573 a1len = strlen(a1);
574 g_memmove(a1, result, 16);
575
576 gaim_cipher_context_reset(context, NULL);
577 gaim_cipher_context_append(context, (const guchar *)a1, a1len);
578 gaim_cipher_context_digest(context, sizeof(result), result, NULL);
579
580 ha1 = gaim_base16_encode(result, 16);
581
582 gaim_cipher_context_reset(context, NULL);
583 gaim_cipher_context_append(context, (const guchar *)a2, strlen(a2));
584 gaim_cipher_context_digest(context, sizeof(result), result, NULL);
585
586 ha2 = gaim_base16_encode(result, 16);
587
588 kd = g_strdup_printf("%s:%s:00000001:%s:auth:%s", ha1, nonce, cnonce, ha2);
589
590 gaim_cipher_context_reset(context, NULL);
591 gaim_cipher_context_append(context, (const guchar *)kd, strlen(kd));
592 gaim_cipher_context_digest(context, sizeof(result), result, NULL);
593 gaim_cipher_context_destroy(context);
594
595 z = gaim_base16_encode(result, 16);
596
597 g_free(convnode);
598 g_free(convpasswd);
599 g_free(x);
600 g_free(a1);
601 g_free(ha1);
602 g_free(ha2);
603 g_free(kd);
604
605 return z;
606 }
607
608 void
609 jabber_auth_handle_challenge(JabberStream *js, xmlnode *packet)
610 {
611
612 if(js->auth_type == JABBER_AUTH_DIGEST_MD5) {
613 char *enc_in = xmlnode_get_data(packet);
614 char *dec_in;
615 char *enc_out;
616 GHashTable *parts;
617
618 if(!enc_in) {
619 gaim_connection_error(js->gc, _("Invalid response from server."));
620 return;
621 }
622
623 dec_in = (char *)gaim_base64_decode(enc_in, NULL);
624 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded challenge (%d): %s\n",
625 strlen(dec_in), dec_in);
626
627 parts = parse_challenge(dec_in);
628
629
630 if (g_hash_table_lookup(parts, "rspauth")) {
631 char *rspauth = g_hash_table_lookup(parts, "rspauth");
632
633
634 if(rspauth && js->expected_rspauth &&
635 !strcmp(rspauth, js->expected_rspauth)) {
636 jabber_send_raw(js,
637 "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl' />",
638 -1);
639 } else {
640 gaim_connection_error(js->gc, _("Invalid challenge from server"));
641 }
642 g_free(js->expected_rspauth);
643 } else {
644 /* assemble a response, and send it */
645 /* see RFC 2831 */
646 GString *response = g_string_new("");
647 char *a2;
648 char *auth_resp;
649 char *buf;
650 char *cnonce;
651 char *realm;
652 char *nonce;
653
654 /* we're actually supposed to prompt the user for a realm if
655 * the server doesn't send one, but that really complicates things,
656 * so i'm not gonna worry about it until is poses a problem to
657 * someone, or I get really bored */
658 realm = g_hash_table_lookup(parts, "realm");
659 if(!realm)
660 realm = js->user->domain;
661
662 cnonce = g_strdup_printf("%x%u%x", g_random_int(), (int)time(NULL),
663 g_random_int());
664 nonce = g_hash_table_lookup(parts, "nonce");
665
666
667 a2 = g_strdup_printf("AUTHENTICATE:xmpp/%s", realm);
668 auth_resp = generate_response_value(js->user,
669 gaim_connection_get_password(js->gc), nonce, cnonce, a2, realm);
670 g_free(a2);
671
672 a2 = g_strdup_printf(":xmpp/%s", realm);
673 js->expected_rspauth = generate_response_value(js->user,
674 gaim_connection_get_password(js->gc), nonce, cnonce, a2, realm);
675 g_free(a2);
676
677
678 g_string_append_printf(response, "username=\"%s\"", js->user->node);
679 g_string_append_printf(response, ",realm=\"%s\"", realm);
680 g_string_append_printf(response, ",nonce=\"%s\"", nonce);
681 g_string_append_printf(response, ",cnonce=\"%s\"", cnonce);
682 g_string_append_printf(response, ",nc=00000001");
683 g_string_append_printf(response, ",qop=auth");
684 g_string_append_printf(response, ",digest-uri=\"xmpp/%s\"", realm);
685 g_string_append_printf(response, ",response=%s", auth_resp);
686 g_string_append_printf(response, ",charset=utf-8");
687
688 g_free(auth_resp);
689 g_free(cnonce);
690
691 enc_out = gaim_base64_encode((guchar *)response->str, response->len);
692
693 gaim_debug(GAIM_DEBUG_MISC, "jabber", "decoded response (%d): %s\n", response->len, response->str);
694
695 buf = g_strdup_printf("<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>%s</response>", enc_out);
696
697 jabber_send_raw(js, buf, -1);
698
699 g_free(buf);
700
701 g_free(enc_out);
702
703 g_string_free(response, TRUE);
704 }
705
706 g_free(enc_in);
707 g_free(dec_in);
708 g_hash_table_destroy(parts);
709 }
710 #ifdef HAVE_CYRUS_SASL
711 else if (js->auth_type == JABBER_AUTH_CYRUS) {
712 char *enc_in = xmlnode_get_data(packet);
713 unsigned char *dec_in;
714 char *enc_out;
715 const char *c_out;
716 unsigned int clen;
717 gsize declen;
718 xmlnode *response;
719
720 dec_in = gaim_base64_decode(enc_in, &declen);
721
722 js->sasl_state = sasl_client_step(js->sasl, (char*)dec_in, declen,
723 NULL, &c_out, &clen);
724 g_free(dec_in);
725 if (js->sasl_state != SASL_CONTINUE && js->sasl_state != SASL_OK) {
726 gaim_debug_error("jabber", "Error is %d : %s\n",js->sasl_state,sasl_errdetail(js->sasl));
727 gaim_connection_error(js->gc, _("SASL error"));
728 return;
729 } else {
730 response = xmlnode_new("response");
731 xmlnode_set_namespace(response, "urn:ietf:params:xml:ns:xmpp-sasl");
732 if (c_out) {
733 enc_out = gaim_base64_encode((unsigned char*)c_out, clen);
734 xmlnode_insert_data(response, enc_out, -1);
735 g_free(enc_out);
736 }
737 jabber_send(js, response);
738 xmlnode_free(response);
739 }
740 }
741 #endif
742 }
743
744 void jabber_auth_handle_success(JabberStream *js, xmlnode *packet)
745 {
746 const char *ns = xmlnode_get_namespace(packet);
747 #ifdef HAVE_CYRUS_SASL
748 int *x;
749 #endif
750
751 if(!ns || strcmp(ns, "urn:ietf:params:xml:ns:xmpp-sasl")) {
752 gaim_connection_error(js->gc, _("Invalid response from server."));
753 return;
754 }
755
756 #ifdef HAVE_CYRUS_SASL
757 /* The SASL docs say that if the client hasn't returned OK yet, we
758 * should try one more round against it
759 */
760 if (js->sasl_state != SASL_OK) {
761 js->sasl_state = sasl_client_step(js->sasl, NULL, 0, NULL, NULL, NULL);
762 if (js->sasl_state != SASL_OK) {
763 /* This should never happen! */
764 gaim_connection_error(js->gc, _("Invalid response from server."));
765 }
766 }
767 /* If we've negotiated a security layer, we need to enable it */
768 sasl_getprop(js->sasl, SASL_SSF, (const void **)&x);
769 if (*x>0) {
770 sasl_getprop(js->sasl, SASL_MAXOUTBUF, (const void **)&x);
771 js->sasl_maxbuf = *x;
772 }
773 #endif
774
775 jabber_stream_set_state(js, JABBER_STREAM_REINITIALIZING);
776 }
777
778 void jabber_auth_handle_failure(JabberStream *js, xmlnode *packet)
779 {
780 char *msg = jabber_parse_error(js, packet);
781
782 if(!msg) {
783 gaim_connection_error(js->gc, _("Invalid response from server."));
784 } else {
785 gaim_connection_error(js->gc, msg);
786 g_free(msg);
787 }
788 }