*
* Barebones SASL authentication service for XMPP (Jabber) clients.
*
- * Why barebones? Because RFC3920 says we "must" support DIGEST-MD5 but
- * we only support PLAIN.
+ * Note: RFC3920 says we "must" support DIGEST-MD5 but we only support PLAIN.
*
- * Copyright (c) 2007 by Art Cancro
- * This code is released under the terms of the GNU General Public License.
+ * Copyright (c) 2007-2009 by Art Cancro
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#include <string.h>
#include <limits.h>
#include <ctype.h>
+#include <expat.h>
#include <libcitadel.h>
#include "citadel.h"
#include "server.h"
#include "internet_addressing.h"
#include "md5.h"
#include "ctdl_module.h"
-
-#ifdef HAVE_EXPAT
-#include <expat.h>
#include "serv_xmpp.h"
char pass[256];
int result;
+
+ /* Take apart the authentication string */
+ memset(pass, 0, sizeof(pass));
+
CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+
+ /* If there are underscores in either string, change them to spaces. Some clients
+ * do not allow spaces so we can tell the user to substitute underscores if their
+ * login name contains spaces.
+ */
+ convert_spaces_to_underscores(ident);
+ convert_spaces_to_underscores(user);
+
+ /* Now attempt authentication */
+
if (!IsEmptyStr(ident)) {
result = CtdlLoginExistingUser(user, ident);
}
return;
}
- if (CC->logged_in) logout(CC); /* Client may try to log in twice. Handle this. */
+ if (CC->logged_in) logout(); /* Client may try to log in twice. Handle this. */
- if (xmpp_auth_plain(authstring) == 0) {
+ if (CC->nologin) {
+ cprintf("<failure xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
+ cprintf("<system-shutdown/>");
+ cprintf("</failure>");
+ }
+
+ else if (xmpp_auth_plain(authstring) == 0) {
cprintf("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/>");
}
}
}
+
+
/*
- * Offer non-SASL authentication to legacy clients.
+ * Non-SASL authentication
*/
-void jabber_offer_non_sasl_authentication(void) {
- cprintf("<query xmlns=\"jabber:iq:auth\">"
- "<username/>"
- "<password/>"
- /* "<digest/>" */
- /* "<resource/>" */
- "</query>"
+void jabber_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
+ int result;
+
+ if (CC->logged_in) logout(); /* Client may try to log in twice. Handle this. */
+
+ result = CtdlLoginExistingUser(NULL, username);
+ if (result == login_ok) {
+ result = CtdlTryPassword(password);
+ if (result == pass_ok) {
+ cprintf("<iq type=\"result\" id=\"%s\"></iq>", iq_id); /* success */
+ return;
+ }
+ }
+
+ /* failure */
+ cprintf("<iq type=\"error\" id=\"%s\">", iq_id);
+ cprintf("<error code=\"401\" type=\"auth\">"
+ "<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"
+ "</error>"
+ "</iq>"
);
}
-
-#endif /* HAVE_EXPAT */
projects / citadel.git / blobdiff