2 * Barebones SASL authentication service for XMPP (Jabber) clients.
4 * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
6 * Copyright (c) 2007-2009 by Art Cancro
8 * This program is open source software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 3.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
32 #include <sys/types.h>
34 #if TIME_WITH_SYS_TIME
35 # include <sys/time.h>
39 # include <sys/time.h>
50 #include <libcitadel.h>
53 #include "citserver.h"
57 #include "internet_addressing.h"
59 #include "ctdl_module.h"
60 #include "serv_xmpp.h"
64 * PLAIN authentication. Returns zero on success, nonzero on failure.
66 int xmpp_auth_plain(char *authstring)
69 const char *decoded_authstring;
77 /* Take apart the authentication string */
78 memset(pass, 0, sizeof(pass));
80 AuthBuf = NewStrBufPlain(authstring, -1);
81 len = StrBufDecodeBase64(AuthBuf);
84 decoded_authstring = ChrPtr(AuthBuf);
86 len = safestrncpy(ident, decoded_authstring, sizeof ident);
88 decoded_authstring += len + 1;
90 len = safestrncpy(user, decoded_authstring, sizeof user);
92 decoded_authstring += len + 1;
94 len = safestrncpy(pass, decoded_authstring, sizeof pass);
96 len = sizeof(pass) - 1;
100 /* If there are underscores in either string, change them to spaces. Some clients
101 * do not allow spaces so we can tell the user to substitute underscores if their
102 * login name contains spaces.
104 convert_spaces_to_underscores(ident);
105 convert_spaces_to_underscores(user);
107 /* Now attempt authentication */
109 if (!IsEmptyStr(ident)) {
110 result = CtdlLoginExistingUser(user, ident);
113 result = CtdlLoginExistingUser(NULL, user);
116 if (result == login_ok) {
117 if (CtdlTryPassword(pass, len) == pass_ok) {
118 return(0); /* success */
122 return(1); /* failure */
127 * Output the list of SASL mechanisms offered by this stream.
129 void xmpp_output_auth_mechs(void) {
130 cprintf("<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
131 cprintf("<mechanism>PLAIN</mechanism>");
132 cprintf("</mechanisms>");
136 * Here we go ... client is trying to authenticate.
138 void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
140 if (strcasecmp(sasl_auth_mech, "PLAIN")) {
141 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
142 cprintf("<invalid-mechanism/>");
143 cprintf("</failure>");
147 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
150 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
151 cprintf("<system-shutdown/>");
152 cprintf("</failure>");
155 else if (xmpp_auth_plain(authstring) == 0) {
156 cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
160 cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
161 cprintf("<not-authorized/>");
162 cprintf("</failure>");
169 * Non-SASL authentication
171 void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
175 if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */
177 result = CtdlLoginExistingUser(NULL, username);
178 if (result == login_ok) {
179 result = CtdlTryPassword(password, strlen(password));
180 if (result == pass_ok) {
181 cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */
187 cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));
188 cprintf("<error code=\"401\" type=\"auth\">"
189 "<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"