X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fxmpp_sasl_service.c;h=bb31ddaba299242de58b9059fc35481022e0a29b;hb=7a9b0685e406cc83597171cc39d008c7e5459ca8;hp=a9d73b3602b483a4cb383e459a0bbf2e377ada57;hpb=6a969c7e8f80199f8b8bd5d76b40eb3f53ab3ca4;p=citadel.git diff --git a/citadel/modules/xmpp/xmpp_sasl_service.c b/citadel/modules/xmpp/xmpp_sasl_service.c index a9d73b360..bb31ddaba 100644 --- a/citadel/modules/xmpp/xmpp_sasl_service.c +++ b/citadel/modules/xmpp/xmpp_sasl_service.c @@ -1,26 +1,17 @@ /* - * $Id$ - * * Barebones SASL authentication service for XMPP (Jabber) clients. * * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN. * - * Copyright (c) 2007-2009 by Art Cancro - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. + * Copyright (c) 2007-2019 by Art Cancro * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * This program is open source software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3. * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. */ #include "sysdep.h" @@ -32,18 +23,7 @@ #include #include #include - -#if TIME_WITH_SYS_TIME -# include -# include -#else -# if HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif - +#include #include #include #include @@ -57,7 +37,6 @@ #include "config.h" #include "user_ops.h" #include "internet_addressing.h" -#include "md5.h" #include "ctdl_module.h" #include "serv_xmpp.h" @@ -72,7 +51,7 @@ int xmpp_auth_plain(char *authstring) char user[256]; char pass[256]; int result; - + long len; /* Take apart the authentication string */ memset(pass, 0, sizeof(pass)); @@ -80,27 +59,20 @@ int xmpp_auth_plain(char *authstring) CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring)); safestrncpy(ident, decoded_authstring, sizeof ident); safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); - safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); - - - /* If there are underscores in either string, change them to spaces. Some clients - * do not allow spaces so we can tell the user to substitute underscores if their - * login name contains spaces. - */ - convert_spaces_to_underscores(ident); - convert_spaces_to_underscores(user); - - /* Now attempt authentication */ + len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); + if (len < 0) { + len = -len; + } if (!IsEmptyStr(ident)) { - result = CtdlLoginExistingUser(user, ident); + result = CtdlLoginExistingUser(ident); } else { - result = CtdlLoginExistingUser(NULL, user); + result = CtdlLoginExistingUser(user); } if (result == login_ok) { - if (CtdlTryPassword(pass) == pass_ok) { + if (CtdlTryPassword(pass, len) == pass_ok) { return(0); /* success */ } } @@ -118,6 +90,7 @@ void xmpp_output_auth_mechs(void) { cprintf(""); } + /* * Here we go ... client is trying to authenticate. */ @@ -130,7 +103,9 @@ void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) { return; } - if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */ + if (CC->logged_in) { + CtdlUserLogout(); /* Client may try to log in twice. Handle this. */ + } if (CC->nologin) { cprintf(""); @@ -150,19 +125,20 @@ void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) { } - /* * Non-SASL authentication */ -void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) { +void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password) { int result; char xmlbuf[256]; - if (CC->logged_in) CtdlUserLogout(); /* Client may try to log in twice. Handle this. */ + if (CC->logged_in) { + CtdlUserLogout(); /* Client may try to log in twice. Handle this. */ + } - result = CtdlLoginExistingUser(NULL, username); + result = CtdlLoginExistingUser(username); if (result == login_ok) { - result = CtdlTryPassword(password); + result = CtdlTryPassword(password, strlen(password)); if (result == pass_ok) { cprintf("", xmlesc(xmlbuf, iq_id, sizeof xmlbuf)); /* success */ return;