1 | /***************************************************************************\ |
---|
2 | * * |
---|
3 | * BitlBee - An IRC to IM gateway * |
---|
4 | * Jabber module - SASL authentication * |
---|
5 | * * |
---|
6 | * Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net> * |
---|
7 | * * |
---|
8 | * This program is free software; you can redistribute it and/or modify * |
---|
9 | * it under the terms of the GNU General Public License as published by * |
---|
10 | * the Free Software Foundation; either version 2 of the License, or * |
---|
11 | * (at your option) any later version. * |
---|
12 | * * |
---|
13 | * This program is distributed in the hope that it will be useful, * |
---|
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * |
---|
16 | * GNU General Public License for more details. * |
---|
17 | * * |
---|
18 | * You should have received a copy of the GNU General Public License along * |
---|
19 | * with this program; if not, write to the Free Software Foundation, Inc., * |
---|
20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * |
---|
21 | * * |
---|
22 | \***************************************************************************/ |
---|
23 | |
---|
24 | #include "jabber.h" |
---|
25 | #include "base64.h" |
---|
26 | |
---|
27 | #define SASL_NS "urn:ietf:params:xml:ns:xmpp-sasl" |
---|
28 | |
---|
29 | xt_status sasl_pkt_mechanisms( struct xt_node *node, gpointer data ) |
---|
30 | { |
---|
31 | struct gaim_connection *gc = data; |
---|
32 | struct jabber_data *jd = gc->proto_data; |
---|
33 | struct xt_node *c, *reply; |
---|
34 | char *s; |
---|
35 | int sup_plain = 0, sup_digest = 0; |
---|
36 | |
---|
37 | if( !sasl_supported( gc ) ) |
---|
38 | { |
---|
39 | /* Should abort this now, since we should already be doing |
---|
40 | IQ authentication. Strange things happen when you try |
---|
41 | to do both... */ |
---|
42 | serv_got_crap( gc, "XMPP 1.0 non-compliant server seems to support SASL, please report this as a BitlBee bug!" ); |
---|
43 | return XT_HANDLED; |
---|
44 | } |
---|
45 | |
---|
46 | s = xt_find_attr( node, "xmlns" ); |
---|
47 | if( !s || strcmp( s, SASL_NS ) != 0 ) |
---|
48 | { |
---|
49 | signoff( gc ); |
---|
50 | return XT_ABORT; |
---|
51 | } |
---|
52 | |
---|
53 | c = node->children; |
---|
54 | while( ( c = xt_find_node( c, "mechanism" ) ) ) |
---|
55 | { |
---|
56 | if( c->text && g_strcasecmp( c->text, "PLAIN" ) == 0 ) |
---|
57 | sup_plain = 1; |
---|
58 | if( c->text && g_strcasecmp( c->text, "DIGEST-MD5" ) == 0 ) |
---|
59 | sup_digest = 1; |
---|
60 | |
---|
61 | c = c->next; |
---|
62 | } |
---|
63 | |
---|
64 | if( !sup_plain && !sup_digest ) |
---|
65 | { |
---|
66 | signoff( gc ); |
---|
67 | return XT_ABORT; |
---|
68 | } |
---|
69 | |
---|
70 | reply = xt_new_node( "auth", NULL, NULL ); |
---|
71 | xt_add_attr( reply, "xmlns", SASL_NS ); |
---|
72 | |
---|
73 | if( sup_digest && 0 ) |
---|
74 | { |
---|
75 | xt_add_attr( reply, "mechanism", "DIGEST-MD5" ); |
---|
76 | |
---|
77 | /* The rest will be done later, when we receive a <challenge/>. */ |
---|
78 | } |
---|
79 | else if( sup_plain ) |
---|
80 | { |
---|
81 | int len; |
---|
82 | |
---|
83 | xt_add_attr( reply, "mechanism", "PLAIN" ); |
---|
84 | |
---|
85 | /* With SASL PLAIN in XMPP, the text should be b64(\0user\0pass) */ |
---|
86 | len = strlen( jd->username ) + strlen( gc->acc->pass ) + 2; |
---|
87 | s = g_malloc( len + 1 ); |
---|
88 | s[0] = 0; |
---|
89 | strcpy( s + 1, jd->username ); |
---|
90 | strcpy( s + 2 + strlen( jd->username ), gc->acc->pass ); |
---|
91 | reply->text = base64_encode( s, len ); |
---|
92 | reply->text_len = strlen( reply->text ); |
---|
93 | g_free( s ); |
---|
94 | } |
---|
95 | |
---|
96 | if( !jabber_write_packet( gc, reply ) ) |
---|
97 | { |
---|
98 | xt_free_node( reply ); |
---|
99 | return XT_ABORT; |
---|
100 | } |
---|
101 | xt_free_node( reply ); |
---|
102 | |
---|
103 | /* To prevent classic authentication from happening. */ |
---|
104 | jd->flags |= JFLAG_STREAM_STARTED; |
---|
105 | |
---|
106 | return XT_HANDLED; |
---|
107 | } |
---|
108 | |
---|
109 | xt_status sasl_pkt_challenge( struct xt_node *node, gpointer data ) |
---|
110 | { |
---|
111 | return XT_HANDLED; |
---|
112 | } |
---|
113 | |
---|
114 | xt_status sasl_pkt_result( struct xt_node *node, gpointer data ) |
---|
115 | { |
---|
116 | struct gaim_connection *gc = data; |
---|
117 | struct jabber_data *jd = gc->proto_data; |
---|
118 | char *s; |
---|
119 | |
---|
120 | s = xt_find_attr( node, "xmlns" ); |
---|
121 | if( !s || strcmp( s, SASL_NS ) != 0 ) |
---|
122 | { |
---|
123 | signoff( gc ); |
---|
124 | return XT_ABORT; |
---|
125 | } |
---|
126 | |
---|
127 | if( strcmp( node->name, "success" ) == 0 ) |
---|
128 | { |
---|
129 | set_login_progress( gc, 1, "Authentication finished" ); |
---|
130 | jd->flags |= JFLAG_AUTHENTICATED | JFLAG_STREAM_RESTART; |
---|
131 | } |
---|
132 | else if( strcmp( node->name, "failure" ) == 0 ) |
---|
133 | { |
---|
134 | hide_login_progress( gc, "Authentication failure" ); |
---|
135 | signoff( gc ); |
---|
136 | return XT_ABORT; |
---|
137 | } |
---|
138 | |
---|
139 | return XT_HANDLED; |
---|
140 | } |
---|
141 | |
---|
142 | /* This one is needed to judge if we'll do authentication using IQ or SASL. |
---|
143 | It's done by checking if the <stream:stream> from the server has a |
---|
144 | version attribute. I don't know if this is the right way though... */ |
---|
145 | gboolean sasl_supported( struct gaim_connection *gc ) |
---|
146 | { |
---|
147 | struct jabber_data *jd = gc->proto_data; |
---|
148 | |
---|
149 | return ( (void*) ( jd->xt && jd->xt->root && xt_find_attr( jd->xt->root, "version" ) ) ) != NULL; |
---|
150 | } |
---|