4 * Barebones SASL authentication service for XMPP (Jabber) clients.
6 * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
8 * Copyright (c) 2007 by Art Cancro
9 * This code is released under the terms of the GNU General Public License.
21 #include <sys/types.h>
23 #if TIME_WITH_SYS_TIME
24 # include <sys/time.h>
28 # include <sys/time.h>
39 #include <libcitadel.h>
42 #include "citserver.h"
46 #include "internet_addressing.h"
48 #include "ctdl_module.h"
49 #include "serv_xmpp.h"
53 * PLAIN authentication. Returns zero on success, nonzero on failure.
55 int xmpp_auth_plain(char *authstring)
57 char decoded_authstring[1024];
64 /* Take apart the authentication string */
65 memset(pass, 0, sizeof(pass));
67 CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
68 safestrncpy(ident, decoded_authstring, sizeof ident);
69 safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
70 safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
73 /* If there are underscores in either string, change them to spaces. Some clients
74 * do not allow spaces so we can tell the user to substitute underscores if their
75 * login name contains spaces.
77 convert_spaces_to_underscores(ident);
78 convert_spaces_to_underscores(user);
80 /* Now attempt authentication */
82 if (!IsEmptyStr(ident)) {
83 result = CtdlLoginExistingUser(user, ident);
86 result = CtdlLoginExistingUser(NULL, user);
89 if (result == login_ok) {
90 if (CtdlTryPassword(pass) == pass_ok) {
91 return(0); /* success */
95 return(1); /* failure */
100 * Output the list of SASL mechanisms offered by this stream.
102 void xmpp_output_auth_mechs(void) {
103 cprintf("<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
104 cprintf("<mechanism>PLAIN</mechanism>");
105 cprintf("</mechanisms>");
109 * Here we go ... client is trying to authenticate.
111 void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
113 if (strcasecmp(sasl_auth_mech, "PLAIN")) {
114 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
115 cprintf("<invalid-mechanism/>");
116 cprintf("</failure>");
120 if (CC->logged_in) logout(); /* Client may try to log in twice. Handle this. */
123 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
124 cprintf("<system-shutdown/>");
125 cprintf("</failure>");
128 else if (xmpp_auth_plain(authstring) == 0) {
129 cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
133 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
134 cprintf("<not-authorized/>");
135 cprintf("</failure>");
142 * Non-SASL authentication
144 void jabber_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
147 if (CC->logged_in) logout(); /* Client may try to log in twice. Handle this. */
149 result = CtdlLoginExistingUser(NULL, username);
150 if (result == login_ok) {
151 result = CtdlTryPassword(password);
152 if (result == pass_ok) {
153 cprintf("<iq type=\"result\" id=\"%s\"></iq>", iq_id); /* success */
159 cprintf("<iq type=\"error\" id=\"%s\">", iq_id);
160 cprintf("<error code=\"401\" type=\"auth\">"
161 "<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"