4 * Barebones SASL authentication service for XMPP (Jabber) clients.
6 * Why barebones? Because RFC3920 says we "must" support DIGEST-MD5 but
7 * we only support PLAIN.
9 * Copyright (c) 2007 by Art Cancro
10 * This code is released under the terms of the GNU General Public License.
22 #include <sys/types.h>
24 #if TIME_WITH_SYS_TIME
25 # include <sys/time.h>
29 # include <sys/time.h>
39 #include <libcitadel.h>
42 #include "citserver.h"
46 #include "internet_addressing.h"
48 #include "ctdl_module.h"
52 #include "serv_xmpp.h"
56 * PLAIN authentication. Returns zero on success, nonzero on failure.
58 int xmpp_auth_plain(char *authstring)
60 char decoded_authstring[1024];
66 CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
67 safestrncpy(ident, decoded_authstring, sizeof ident);
68 safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
69 safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
71 if (!IsEmptyStr(ident)) {
72 result = CtdlLoginExistingUser(user, ident);
75 result = CtdlLoginExistingUser(NULL, user);
78 if (result == login_ok) {
79 if (CtdlTryPassword(pass) == pass_ok) {
80 return(0); /* success */
84 return(1); /* failure */
89 * Output the list of SASL mechanisms offered by this stream.
91 void xmpp_output_auth_mechs(void) {
92 cprintf("<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
93 cprintf("<mechanism>PLAIN</mechanism>");
94 cprintf("</mechanisms>");
98 * Here we go ... client is trying to authenticate.
100 void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
102 if (strcasecmp(sasl_auth_mech, "PLAIN")) {
103 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
104 cprintf("<invalid-mechanism/>");
105 cprintf("</failure>");
109 if (CC->logged_in) logout(CC); /* Client may try to log in twice. Handle this. */
111 if (xmpp_auth_plain(authstring) == 0) {
112 cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
116 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
117 cprintf("<not-authorized/>");
118 cprintf("</failure>");
123 * Offer non-SASL authentication to legacy clients.
125 void jabber_offer_non_sasl_authentication(void) {
126 cprintf("<query xmlns=\"jabber:iq:auth\">"
135 #endif /* HAVE_EXPAT */