2 * Barebones SASL authentication service for XMPP (Jabber) clients.
4 * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
6 * Copyright (c) 2007-2018 by Art Cancro
8 * This program is open source software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 3.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
25 #include <sys/types.h>
27 #if TIME_WITH_SYS_TIME
28 # include <sys/time.h>
32 # include <sys/time.h>
43 #include <libcitadel.h>
46 #include "citserver.h"
50 #include "internet_addressing.h"
52 #include "ctdl_module.h"
53 #include "serv_xmpp.h"
57 * PLAIN authentication. Returns zero on success, nonzero on failure.
/*
 * authstring is base64 text; xmpp_sasl_auth() passes its own authstring argument
 * straight through to this function. After decoding, the data is read as three
 * NUL-separated fields, in order: ident, user, pass.
 *
 * NOTE(review): this listing omits several lines of the function, among them the
 * declarations of ident, user, pass, len, i and result, so their sizes and types
 * cannot be confirmed from here.
 */
59 int xmpp_auth_plain(char *authstring)
61 char decoded_authstring[1024];
69 /* Take apart the authentication string */
70 memset(pass, 0, sizeof(pass));
/*
 * NOTE(review): the decoder is given the source length but no destination size, and
 * no check on strlen(authstring) is visible in this listing. Unless the caller or
 * CtdlDecodeBase64 bounds it, input that decodes to more than
 * sizeof decoded_authstring bytes would write past this stack buffer. Confirm, and
 * reject oversized input before decoding.
 */
72 CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
73 safestrncpy(ident, decoded_authstring, sizeof ident);
74 safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
75 len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
/*
 * The second and third fields are located with strlen() of the copies in ident and
 * user; the decoder's return value is not used in the visible lines.
 * NOTE(review): if safestrncpy truncated a field, or the decoded data holds fewer
 * than two NUL separators, these offsets presumably no longer match the real field
 * boundaries and may lie beyond the decoded bytes. Verify against the decoder's
 * termination behaviour.
 */
79 /* If there are underscores in either string, change them to spaces. Some clients
80 * do not allow spaces so we can tell the user to substitute underscores if their
81 * login name contains spaces.
83 for (i=0; ident[i]!=0; ++i) {
84 if (ident[i] == '_') {
88 for (i=0; user[i]!=0; ++i) {
94 /* Now attempt authentication */
/* ident takes precedence: when it is non-empty the login is attempted under ident. */
96 if (!IsEmptyStr(ident)) {
97 result = CtdlLoginExistingUser(ident);
100 result = CtdlLoginExistingUser(user);
/*
 * NOTE(review): decoded_authstring and pass both hold the plaintext password, and no
 * clearing of either buffer before return is visible in this listing. Consider
 * wiping them on every exit path with a call the compiler cannot elide
 * (explicit_bzero or memset_s where available).
 */
103 if (result == login_ok) {
104 if (CtdlTryPassword(pass, len) == pass_ok) {
105 return(0); /* success */
/*
 * In the visible lines a failed user lookup and a rejected password reach the same
 * return value, so the caller cannot tell the two cases apart.
 */
109 return(1); /* failure */
/*
 * Advertise the SASL mechanisms available on this stream to the client.
 * PLAIN is the only mechanism emitted.
 */
void xmpp_output_auth_mechs(void) {
	/* The element is sent as three fragments, in this order. */
	static const char *const fragments[] = {
		"<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">",
		"<mechanism>PLAIN</mechanism>",
		"</mechanisms>"
	};
	size_t idx;

	for (idx = 0; idx < sizeof fragments / sizeof fragments[0]; ++idx) {
		/* Fixed "%s" format: each fragment is emitted verbatim. */
		cprintf("%s", fragments[idx]);
	}
}
123 * Here we go ... client is trying to authenticate.
/*
 * Handles a SASL authentication attempt: sasl_auth_mech names the mechanism the
 * client selected and authstring is handed unchanged to xmpp_auth_plain().
 * The result is reported to the client as a <success/> or <failure> element.
 *
 * NOTE(review): no length or content check on authstring is visible here before it
 * reaches xmpp_auth_plain(), which decodes it into a fixed-size buffer. Confirm
 * where the size is bounded.
 * NOTE(review): PLAIN carries the password merely base64-encoded, so confidentiality
 * depends on the transport. Whether TLS is required before this point is not
 * visible in this listing. Confirm.
 */
125 void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
/* strcasecmp() is nonzero on mismatch: any mechanism other than PLAIN (case-insensitive) is refused. */
127 if (strcasecmp(sasl_auth_mech, "PLAIN")) {
128 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
129 cprintf("<invalid-mechanism/>");
130 cprintf("</failure>");
/*
 * An existing session is logged out before the new attempt is evaluated, so a
 * failed re-authentication leaves the connection logged out.
 */
134 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
/* NOTE(review): the condition guarding the <system-shutdown/> reply below is on a line this listing omits. */
137 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
138 cprintf("<system-shutdown/>");
139 cprintf("</failure>");
/* xmpp_auth_plain() returns zero on success. */
142 else if (xmpp_auth_plain(authstring) == 0) {
143 cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
/*
 * Every nonzero result from xmpp_auth_plain() maps to <not-authorized/>; the reply
 * does not say whether the user name or the password was rejected.
 */
147 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
148 cprintf("<not-authorized/>");
149 cprintf("</failure>");
156 * Non-SASL authentication
158 void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password) {
162 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
164 result = CtdlLoginExistingUser(username);
165 if (result == login_ok) {
166 result = CtdlTryPassword(password, strlen(password));
167 if (result == pass_ok) {
168 cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */
174 cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));
175 cprintf("<error code=\"401\" type=\"auth\">"
176 "<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"