From 76afe54e0bbcf663a0fdf7e4c338b24f9ace4a57 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Thu, 6 Dec 2007 22:26:20 +0000 Subject: [PATCH] Require tag for bind attempts. And only allow it after login. --- citadel/modules/jabber/serv_xmpp.c | 16 +++++++++++++--- citadel/modules/jabber/serv_xmpp.h | 2 ++ citadel/modules/jabber/xmpp_query_namespace.c | 7 +++++++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/citadel/modules/jabber/serv_xmpp.c b/citadel/modules/jabber/serv_xmpp.c index 00bdc19d7..00c08bd89 100644 --- a/citadel/modules/jabber/serv_xmpp.c +++ b/citadel/modules/jabber/serv_xmpp.c @@ -89,8 +89,8 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr) /* If we're not logged in yet, offer SASL as our feature set */ xmpp_output_auth_mechs(); - /* Also offer non-SASL authentication */ - cprintf(""); + /* Also offer non-SASL authentication + cprintf(""); */ } /* Offer binding and sessions as part of our feature set */ @@ -129,6 +129,10 @@ void xmpp_xml_start(void *data, const char *supplied_el, const char **attr) { safestrncpy(XMPP->iq_query_xmlns, supplied_el, sizeof XMPP->iq_query_xmlns); } + else if (!strcasecmp(el, "bind")) { + XMPP->bind_requested = 1; + } + else if (!strcasecmp(el, "iq")) { for (i=0; attr[i] != NULL; i+=2) { if (!strcasecmp(attr[i], "type")) { @@ -219,7 +223,12 @@ void xmpp_xml_end(void *data, const char *supplied_el) { /* * If this stanza was a "bind" attempt, process it ... */ - else if ( (!IsEmptyStr(XMPP->iq_id)) && (!IsEmptyStr(XMPP->iq_client_resource)) ) { + else if ( + (XMPP->bind_requested) + && (!IsEmptyStr(XMPP->iq_id)) + && (!IsEmptyStr(XMPP->iq_client_resource)) + && (CC->logged_in) + ) { /* Generate the "full JID" of the client resource */ @@ -257,6 +266,7 @@ void xmpp_xml_end(void *data, const char *supplied_el) { XMPP->iq_client_resource[0] = 0; XMPP->iq_session = 0; XMPP->iq_query_xmlns[0] = 0; + XMPP->bind_requested = 0; } else if (!strcasecmp(el, "auth")) { diff --git a/citadel/modules/jabber/serv_xmpp.h b/citadel/modules/jabber/serv_xmpp.h index b3d55d09f..f00bd743d 100644 --- a/citadel/modules/jabber/serv_xmpp.h +++ b/citadel/modules/jabber/serv_xmpp.h @@ -25,6 +25,8 @@ struct citxmpp { /* Information about the current session */ char message_to[256]; char *message_body; /* Message body in transit */ int html_tag_level; /* tag nesting level */ + + int bind_requested; /* In this stanza, client is asking server to bind a resource. */ }; #define XMPP ((struct citxmpp *)CC->session_specific_data) diff --git a/citadel/modules/jabber/xmpp_query_namespace.c b/citadel/modules/jabber/xmpp_query_namespace.c index 3d552e056..e89fb8cfe 100644 --- a/citadel/modules/jabber/xmpp_query_namespace.c +++ b/citadel/modules/jabber/xmpp_query_namespace.c @@ -118,6 +118,13 @@ void xmpp_query_namespace(char *iq_id, char *iq_from, char *iq_to, char *query_x jabber_iq_roster_query(); } + else if (!strcasecmp(query_xmlns, "jabber:iq:auth:query")) { + cprintf("" + "" + "" + ); + } + /* * End of query result. If we didn't hit any known namespaces then we will * have simply delivered an empty result stanza, which should be ok. -- 2.39.2