Commit Graph

68 Commits

Author SHA1 Message Date
Dmitry Podgorny
db8a511f68 style: remove extra const keyword from interfaces
Const variables in prototypes don't add much value, but make the code
larger and redundant. Remove these const keywords.
Note, this doesn't apply to pointers to const memory.
2021-03-19 22:12:15 +02:00
Dmitry Podgorny
c07ac0a68d conn: don't crash when user sets password to NULL
Make it possible to reset password to NULL. It is not required for
ANONYMOUS authentication. Also, report an error and disconnect if
password is not set and libstrophe should try authentication mechanisms
other than ANONYMOUS.
2020-09-30 20:56:52 +03:00
Dmitry Podgorny
60ce94c267 auth: add missed space in log message 2020-09-30 20:43:32 +03:00
Oleg Synelnykov
198bdd77d0 Remove -Wno-unused-parameter
Introduced UNUSED macro with cast to void in commoh.h for internal
use. Used cast to void directly in those files which do not
include common.h. Although this change doesn't fix semantic issues
with unused function parameters, it does explicitly mark all those
places, which might require attention in future.
2020-03-31 17:37:12 +03:00
Dmitry Podgorny
1ca10fd167 Fix SASL SCRAM implementation
* Add SCRAM_DIGEST_SIZE macro for maximum possible digest size. It will
  avoid new buffer overflow errors when new digests are added.
* Fix buffer overflow in sasl_scram(). Buffers were allocated for SHA1
  digest size.
* Fix bug with handler re-registration when a SASL SCRAM mechanism
  fails.
2020-01-31 01:59:42 +02:00
Steffen Jaeckel
771d5865ae add SCRAM-SHA-256 and SCRAM-SHA-512 support 2020-01-31 01:59:42 +02:00
Steffen Jaeckel
fc064bc883 re-factor SCRAM to be independent of the hash 2020-01-31 01:34:23 +02:00
Dmitry Podgorny
562a06425b Unify coding style
@sjaeckel integrated clang-format with formal coding style. Run his
script and commit changes.

There are pros and cons of this commit.

Mixed coding style is a "broken window". A good single style simplifies
reading and writing code.

On the other hand, this is a big change which will lead to conflicts.
2020-01-31 01:16:50 +02:00
Dmitry Podgorny
17f79cbbb8 auth: replace stricmp() with _stricmp()
Newer visual studios deprecate stricmp(). Replace it to fix compilation.
2020-01-07 00:24:57 +02:00
Dmitry Podgorny
2bf5cc0e41 auth: disable PLAIN when other mechanisms are supported
PLAIN mechanism sends password in BASE64 encoding which everyone can
read. As result, debug logs expose password and users often don't remove
it when post the logs in the Internet.

Usually, both a secure mechanism and PLAIN are used in the scenario when
username or password is incorrect. PLAIN fails in this scenario anyway.
2019-10-01 23:38:50 +03:00
Dmitry Podgorny
30f3cc9263 auth: disable legacy auth by default
Legacy authentication can expose password in plaintext. Since this is
not widely used mechanism, disable it by default. It can be enabled back
with connection option XMPP_CONN_FLAG_LEGACY_AUTH.
2019-10-01 22:34:31 +03:00
Dmitry Podgorny
a13ba65cfb Don't pass NULL to strcmp()
There are places where code relies on well-formed stanzas and expects
that ns attribute is always present. Check whether ns NULL or not before
passing it to strcmp().

Fixes #121.
2018-07-30 20:38:43 +03:00
Stu Tomlinson
0e6b0ef84d Only require session if it is not optional
RFC6121 removes the precondition of establishing a session before a client
may exchange XML stanzas on an XMPP network.

This PR allows libstrophe to not request session where it is indicated
as optional by the server, saving a round trip.

https://tools.ietf.org/html/rfc6121#section-1.4
2018-06-08 14:27:29 +00:00
Dmitry Podgorny
e73b577e0b auth: use xmpp_iq_new() for iq stanzas 2017-07-15 20:35:16 +03:00
Dmitry Podgorny
da8dc2d3cb auth: don't delete stream:error handler
Instead, keep the same handler until connection is disconnected. Stream
is opened 3 times during usual workflow. Deleting/restoring the handler
every time brings more places for possible mistakes.
2017-06-29 20:13:16 +03:00
Dmitry Podgorny
fa63aac731 auth: delete error handler before re-opening stream 2017-06-23 21:51:44 +03:00
Alexander Krotov
c9ddc2b7ef Make tls_new accept xmpp_conn_t 2017-06-23 02:59:05 +03:00
Dmitry Podgorny
229215b49c conn: xmpp_conn_open_stream() sends user-supplied tag
Default opening tag doesn't allow to implement XEP-0174. In this case
client needs to send specific attributes. As solution user passes
attributes that are sent inside opening tag. Previous variant of this
function is renamed to xmpp_conn_open_stream_default().

The way to pass attributes is not the best one, but it's used to conform
existent interface of xmpp_stanza_get_attributes().

Remove "raw" suffix from functions that work with a raw connection.
2016-09-06 22:06:29 +03:00
Dmitry Podgorny
384ef8023e auth: coding style 2016-09-02 17:10:14 +03:00
Dmitry Podgorny
dc56737b71 conn: implemented xmpp_connect_raw()
This function is similar to xmpp_connect_client(), but doesn't perform
authentication. Instead, it calls user's connection handler immediately
after establishing the connection. Hence, user can implement own
authendication or registration procedures.

Such a "raw" connection can be useful when user interaction is required
(e.g. Data Forms in XEP-0077, OAuth2).
2016-09-02 00:47:58 +03:00
Dmitry Podgorny
1a657c67e2 Fixed typo 2016-05-21 01:28:39 +03:00
Dmitry Podgorny
2ffb278aa4 Implemented public Base64 interface
Base64 is required for vCard avatars. It will also be useful for
an authentication mechanism with future xmpp_connect_raw() interface.
2016-04-30 18:09:01 +00:00
Dmitry Podgorny
b5d9b33b6f Refactor rand
* Removed dependency from internal headers in rand.h. xmpp_rand
  interface can be public in the future;
* xmpp_rand functions accept xmpp_rand_t object instead of xmpp_ctx_t.
2016-04-29 22:51:23 +00:00
Dmitry Podgorny
a3da77b8f6 stanza: return const char* for non allocated strings
If interface function returns char* the result must be freed with
xmpp_free().

In case of const char* the result must not be changed by user. Also, the
result is valid only during stanza lifetime.
2016-04-27 11:56:50 +00:00
Dmitry Podgorny
182803926b conn: added new API xmpp_conn_set_flags()
xmpp_conn_set_flags() and xmpp_conn_get_flags() unify interface of
connection configuration.
This interface allows compile-time check of supported features or even
run-time check. Therefore, applications can be built with older
libstrophe which doesn't support some optional flags.
2015-10-15 16:01:13 +03:00
Dmitry Podgorny
36af7afa27 conn: implemented old-style SSL connection
Added new API xmpp_conn_set_old_style_ssl(). This function forces
using of old-style SSL connection.
2015-10-12 22:25:39 +03:00
Dmitry Podgorny
f326c2f42f sha1: added prefix crypto_ to SHA1 API
sha1.c contains symbols that overlap with libcrypto. This patch
fixes linking with libstrophe as static library.

Prefix crypto_ will help to group other crypto API in the future.
2015-10-09 12:14:23 +03:00
Dmitry Podgorny
7a782df9f5 auth: memory leak in _make_scram_sha1_init_msg() 2015-10-07 20:02:45 +03:00
Dmitry Podgorny
10656ead46 Introduced PRNG based on Hash_DRBG (NIST SP 800-90A)
This pseudo-random number generator solves problem with
platform-independent generation of randomized nonces.
Current implementation uses weak entropy, especially when
kernel.randomize_va_space = 0. But it can be improved by
adding new sources to xmpp_rand_reseed().

New internal API introduced:
  xmpp_rand_new
  xmpp_rand_free
  xmpp_rand
  xmpp_rand_bytes
  xmpp_rand_nonce
2015-10-07 19:35:42 +03:00
James Booth
7cdef1e319 Check for name element when reading mechanisms
Fixes an issue where the server sends whitespace between
elements, a segfault would occur when performing a strcmp
on the name.
2015-08-03 23:05:04 +01:00
James Booth
154b70ed2c Merge remote-tracking branch 'cwtitan/namespace' 2015-03-26 20:44:10 +00:00
Codewalker
86f913b001 Fix use of snprintf (which does not exist on all platforms) in auth.c
by replacing it with xmpp_snprintf in order to be consistent with the
rest of the code. Also fixes compile error on MSVC.
2015-01-02 20:21:59 +02:00
Codewalker
e2f1c1e94a Add XML namespace support. 2014-12-28 22:46:16 -06:00
Dmitry Podgorny
3b906f6ceb XEP-0114: minor fixes to auth.c
- src/sha1.c is used instead of openssl;
 - xmpp_alloc/free should be used instead of malloc/free;
 - coding style fixes.
2014-12-15 14:42:50 +02:00
Milan Kubík
5d76e052ec XEP-0114: external component authentication
New API xmpp_connect_component() introduced.
2014-12-15 14:41:18 +02:00
Dariusz Dwornikowski
71f75b2e2e Closes #31 2014-10-23 08:44:52 +02:00
Dmitry Podgorny
db14f2bd4a auth: fixed memory leaks in _handle_scram_sha1_challenge() 2014-09-09 22:55:23 +03:00
Vitaly Takmazov
58613ea7f3 fix MSVC build 2014-09-08 13:41:30 +03:00
Dmitry Podgorny
ea719cd02a SCRAM-SHA-1 authentication mechanism support 2014-08-31 00:44:08 +03:00
Dmitry Podgorny
cf361d35fe auth: removed useless static declaration
_handle_open_tls() declared as static function but not defined.
2014-08-26 14:53:15 +03:00
Damian Obernikowicz
783bad0897 Fixed memory leak 2014-08-20 00:36:59 +03:00
James Booth
a572d055a8 Fixed wrong flag setting 2012-05-20 02:10:19 +01:00
James Booth
9615a55856 Added option to disable TLS
The connection object includes a tls_support flag, which can
be disabled with xmpp_conn_disable_tls().
2012-05-20 01:50:32 +01:00
Jack Moffitt
ee8afdb64e Memory leak fixes from @elisamanfrin.
Fixes issue #4.
2012-02-07 22:46:38 -07:00
Dustin Sallings
d048124969 Capture the bound jid.
I'd kind of like to be able to discover the JID with full resource for
some operations.
2009-06-15 14:37:21 -07:00
Jack Moffitt
370a371800 Dual licensed libstrophe under MIT and GPLv3.
Updated copyright headers.
2009-06-15 15:26:10 -06:00
Jack Moffitt
3fd7515dcf Abstracted XML parser library and switched to autotools building.
expat is still the default parser, but libxml2 can also be used
via an option to the configure script.  New parsers can easily be
added by implementing a parser_foo.c that uses the interface defined
in parser.h.
2009-04-14 13:47:20 -06:00
Jack Moffitt
2b8691f154 Documentation changes for SASL ANONYMOUS. 2008-08-24 16:09:31 +00:00
Jack Moffitt
16ad3aabf7 Implement SASL ANONYMOUS authentication. 2008-08-24 16:03:09 +00:00
Jack Moffitt
65a174ee7e Most public API points are now documented. 2008-06-24 14:43:54 +00:00