X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fxmpp_sasl_service.c;h=e7ad1a2b19f40e035750d0d2b750a9abc8957856;hb=e7c125bafc3bd24fd9cfb18c39b29abd19c7478f;hp=a9d73b3602b483a4cb383e459a0bbf2e377ada57;hpb=6a969c7e8f80199f8b8bd5d76b40eb3f53ab3ca4;p=citadel.git
diff --git a/citadel/modules/xmpp/xmpp_sasl_service.c b/citadel/modules/xmpp/xmpp_sasl_service.c
index a9d73b360..e7ad1a2b1 100644
--- a/citadel/modules/xmpp/xmpp_sasl_service.c
+++ b/citadel/modules/xmpp/xmpp_sasl_service.c
@@ -1,25 +1,23 @@
 /*
- * $Id$
- *
 * Barebones SASL authentication service for XMPP (Jabber) clients.
 *
 * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
 *
 * Copyright (c) 2007-2009 by Art Cancro
 *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This program is open source software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3.
+ *
+ *
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ *
+ *
 *
 */
@@ -67,21 +65,37 @@
 */
 int xmpp_auth_plain(char *authstring)
 {
- char decoded_authstring[1024];
- char ident[256];
- char user[256];
- char pass[256];
+ StrBuf *AuthBuf;
+ const char *decoded_authstring;
+ char ident[256] = "";
+ char user[256] = "";
+ char pass[256] = "";
 int result;
+ long len;
 /* Take apart the authentication string */
 memset(pass, 0, sizeof(pass));
- CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
- safestrncpy(ident, decoded_authstring, sizeof ident);
- safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ AuthBuf = NewStrBufPlain(authstring, -1);
+ len = StrBufDecodeBase64(AuthBuf);
+ if (len > 0)
+ {
+ decoded_authstring = ChrPtr(AuthBuf);
+
+ len = safestrncpy(ident, decoded_authstring, sizeof ident);
+
+ decoded_authstring += len + 1;
+ len = safestrncpy(user, decoded_authstring, sizeof user);
+
+ decoded_authstring += len + 1;
+
+ len = safestrncpy(pass, decoded_authstring, sizeof pass);
+ if (len < 0)
+ len = sizeof(pass) - 1;
+ }
+ FreeStrBuf(&AuthBuf);
 /* If there are underscores in either string, change them to spaces. Some clients
 * do not allow spaces so we can tell the user to substitute underscores if their
@@ -100,7 +114,7 @@ int xmpp_auth_plain(char *authstring)
 }
 if (result == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (CtdlTryPassword(pass, len) == pass_ok) {
 return(0); /* success */
 }
 }
@@ -162,7 +176,7 @@ void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, cha
 result = CtdlLoginExistingUser(NULL, username);
 if (result == login_ok) {
- result = CtdlTryPassword(password);
+ result = CtdlTryPassword(password, strlen(password));
 if (result == pass_ok) {
 cprintf("", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */
 return;
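Review bot: In the `@@ -67,21 +65,37 @@` hunk of xmpp_auth_plain, the return values of the `safestrncpy` calls for `ident` and `user` are added to `decoded_authstring` unchecked, although the `pass` copy just below treats a negative return as truncation. A client-supplied field longer than the 256-byte buffer would then presumably move the pointer backwards, and a decoded string with fewer than two NUL separators moves it past the end of `AuthBuf`, because the decoded length from `StrBufDecodeBase64` is overwritten and never used as a bound. The same `len` reaches `CtdlTryPassword(pass, len)` in the `@@ -100,7 +114,7 @@` hunk, where it is zero or negative when decoding failed. Keeping an end pointer, rejecting a negative or out-of-range field length before each advance, and failing the login on malformed input would close this, as sketched below. The function body continues outside the hunk, so the failure return is left as a placeholder.

```c
	int ok = 0;	/* set only when both separators were found inside the decoded data */
	/* … unchanged: other declarations, memset, NewStrBufPlain … */
	len = StrBufDecodeBase64(AuthBuf);
	if (len > 0)
	{
		const char *end;

		decoded_authstring = ChrPtr(AuthBuf);
		end = decoded_authstring + len;

		len = safestrncpy(ident, decoded_authstring, sizeof ident);
		ok = (len >= 0) && (len < end - decoded_authstring);
		if (ok) {
			decoded_authstring += len + 1;
			len = safestrncpy(user, decoded_authstring, sizeof user);
			ok = (len >= 0) && (len < end - decoded_authstring);
		}
		if (ok) {
			decoded_authstring += len + 1;
			/* … unchanged: copy into pass, clamp len on truncation … */
		}
	}
	FreeStrBuf(&AuthBuf);
	if (!ok) {
		/* … return this function's failure value … */
	}
```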