X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fxmpp_sasl_service.c;h=1b2e98ae98197697b75a60f955127dfdef335d0f;hb=e329db30593524cc2d8851a4500bac41f2340354;hp=8e952d2c83de3d3ec8542cb4dbd3b0eb3fb49063;hpb=131b59b3ca3c8368c6ad179ef7fb9cc02e99ede4;p=citadel.git

diff --git a/citadel/modules/xmpp/xmpp_sasl_service.c b/citadel/modules/xmpp/xmpp_sasl_service.c
index 8e952d2c8..1b2e98ae9 100644
--- a/citadel/modules/xmpp/xmpp_sasl_service.c
+++ b/citadel/modules/xmpp/xmpp_sasl_service.c
@@ -1,26 +1,17 @@
 /*
- * $Id$ 
- *
  * Barebones SASL authentication service for XMPP (Jabber) clients.
  *
  * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
  *
- * Copyright (c) 2007-2009 by Art Cancro
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ * Copyright (c) 2007-2018 by Art Cancro
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * This program is open source software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3.
  *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  */
 
 #include "sysdep.h"
@@ -72,7 +63,8 @@ int xmpp_auth_plain(char *authstring)
 	char user[256];
 	char pass[256];
 	int result;
-
+	long len;
+	int i;
 
 	/* Take apart the authentication string */
 	memset(pass, 0, sizeof(pass));
@@ -80,27 +72,36 @@ int xmpp_auth_plain(char *authstring)
 	CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
 	safestrncpy(ident, decoded_authstring, sizeof ident);
 	safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
-	safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
-
+	len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+	if (len < 0)
+		len = -len;
 
 	/* If there are underscores in either string, change them to spaces.  Some clients
 	 * do not allow spaces so we can tell the user to substitute underscores if their
 	 * login name contains spaces.
 	 */
-	convert_spaces_to_underscores(ident);
-	convert_spaces_to_underscores(user);
+	for (i=0; ident[i]!=0; ++i) {
+		if (ident[i] == '_') {
+			ident[i] = ' ';
+		}
+	}
+	for (i=0; user[i]!=0; ++i) {
+		if (user[i] == '_') {
+			user[i] = ' ';
+		}
+	}
 
 	/* Now attempt authentication */
 
 	if (!IsEmptyStr(ident)) {
-		result = CtdlLoginExistingUser(user, ident);
+		result = CtdlLoginExistingUser(ident);
 	}
 	else {
-		result = CtdlLoginExistingUser(NULL, user);
+		result = CtdlLoginExistingUser(user);
 	}
 
 	if (result == login_ok) {
-		if (CtdlTryPassword(pass) == pass_ok) {
+		if (CtdlTryPassword(pass, len) == pass_ok) {
 			return(0);				/* success */
 		}
 	}
@@ -154,22 +155,23 @@ void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
 /*
  * Non-SASL authentication
  */
-void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
+void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password) {
 	int result;
+	char xmlbuf[256];
 
         if (CC->logged_in) CtdlUserLogout();  /* Client may try to log in twice.  Handle this. */
 
-	result = CtdlLoginExistingUser(NULL, username);
+	result = CtdlLoginExistingUser(username);
 	if (result == login_ok) {
-		result = CtdlTryPassword(password);
+		result = CtdlTryPassword(password, strlen(password));
 		if (result == pass_ok) {
-			cprintf("<iq type=\"result\" id=\"%s\"></iq>", iq_id);	/* success */
+			cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));	/* success */
 			return;
 		}
 	}
 
 	/* failure */
-	cprintf("<iq type=\"error\" id=\"%s\">", iq_id);
+	cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));
 	cprintf("<error code=\"401\" type=\"auth\">"
 		"<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"
 		"</error>"