Require <bind> tag for bind attempts.

And only allow it after login.

diff --git a/citadel/modules/jabber/serv_xmpp.c b/citadel/modules/jabber/serv_xmpp.c
index 00bdc19d769f6d54e88df615e6e562b7f1f5c5a0..00c08bd893facb95666de2247975a6e892f83f08 100644 (file)
--- a/citadel/modules/jabber/serv_xmpp.c
+++ b/citadel/modules/jabber/serv_xmpp.c
@@ -89,8 +89,8 @@ void xmpp_stream_start(void *data, const char *supplied_el, const char **attr)
                /* If we're not logged in yet, offer SASL as our feature set */
                xmpp_output_auth_mechs();
 
-               /* Also offer non-SASL authentication */
-               cprintf("<auth xmlns=\"http://jabber.org/features/iq-auth\"/>");
+               /* Also offer non-SASL authentication 
+               cprintf("<auth xmlns=\"http://jabber.org/features/iq-auth\"/>"); */
        }
 
        /* Offer binding and sessions as part of our feature set */
@@ -129,6 +129,10 @@ void xmpp_xml_start(void *data, const char *supplied_el, const char **attr) {
                safestrncpy(XMPP->iq_query_xmlns, supplied_el, sizeof XMPP->iq_query_xmlns);
        }
 
+       else if (!strcasecmp(el, "bind")) {
+               XMPP->bind_requested = 1;
+       }
+
        else if (!strcasecmp(el, "iq")) {
                for (i=0; attr[i] != NULL; i+=2) {
                        if (!strcasecmp(attr[i], "type")) {
@@ -219,7 +223,12 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
                /*
                 * If this <iq> stanza was a "bind" attempt, process it ...
                 */
-               else if ( (!IsEmptyStr(XMPP->iq_id)) && (!IsEmptyStr(XMPP->iq_client_resource)) ) {
+               else if (
+                       (XMPP->bind_requested)
+                       && (!IsEmptyStr(XMPP->iq_id))
+                       && (!IsEmptyStr(XMPP->iq_client_resource))
+                       && (CC->logged_in)
+                       ) {
 
                        /* Generate the "full JID" of the client resource */
 
@@ -257,6 +266,7 @@ void xmpp_xml_end(void *data, const char *supplied_el) {
                XMPP->iq_client_resource[0] = 0;
                XMPP->iq_session = 0;
                XMPP->iq_query_xmlns[0] = 0;
+               XMPP->bind_requested = 0;
        }
 
        else if (!strcasecmp(el, "auth")) {

diff --git a/citadel/modules/jabber/serv_xmpp.h b/citadel/modules/jabber/serv_xmpp.h
index b3d55d09fe9babd4460a24a216e25df563ae1ad1..f00bd743d859018a8dde16d80b499a7ebfa6cc06 100644 (file)
--- a/citadel/modules/jabber/serv_xmpp.h
+++ b/citadel/modules/jabber/serv_xmpp.h
@@ -25,6 +25,8 @@ struct citxmpp {                      /* Information about the current session */
        char message_to[256];
        char *message_body;             /* Message body in transit */
        int html_tag_level;             /* <html> tag nesting level */
+
+       int bind_requested;             /* In this stanza, client is asking server to bind a resource. */
 };
 
 #define XMPP ((struct citxmpp *)CC->session_specific_data)

diff --git a/citadel/modules/jabber/xmpp_query_namespace.c b/citadel/modules/jabber/xmpp_query_namespace.c
index 3d552e056482db82a34df28bd33f2852caf6c950..e89fb8cfef118f83c94a216cc1914776eaf4d47a 100644 (file)
--- a/citadel/modules/jabber/xmpp_query_namespace.c
+++ b/citadel/modules/jabber/xmpp_query_namespace.c
@@ -118,6 +118,13 @@ void xmpp_query_namespace(char *iq_id, char *iq_from, char *iq_to, char *query_x
                jabber_iq_roster_query();
        }
 
+       else if (!strcasecmp(query_xmlns, "jabber:iq:auth:query")) {
+               cprintf("<query xmlns=\"jabber:iq:auth\">"
+                       "<username/><password/><resource/>"
+                       "</query>"
+               );
+       }
+
        /*
         * End of query result.  If we didn't hit any known namespaces then we will
         * have simply delivered an empty result stanza, which should be ok.