Compare commits
2 Commits
next
...
control-au
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
460e34552b | ||
|
|
fac1900c3f |
10
src/auth.c
10
src/auth.c
@@ -799,7 +799,9 @@ static void _auth(xmpp_conn_t *conn)
|
|||||||
conn->ctx, "auth",
|
conn->ctx, "auth",
|
||||||
"Password hasn't been set, and SASL ANONYMOUS unsupported.");
|
"Password hasn't been set, and SASL ANONYMOUS unsupported.");
|
||||||
xmpp_disconnect(conn);
|
xmpp_disconnect(conn);
|
||||||
} else if (conn->sasl_support & SASL_MASK_SCRAM) {
|
} else if ((conn->sasl_support & SASL_MASK_SCRAM_PLUS) ||
|
||||||
|
((conn->sasl_support & SASL_MASK_SCRAM_WEAK) &&
|
||||||
|
!conn->only_strong_auth)) {
|
||||||
size_t n;
|
size_t n;
|
||||||
scram_ctx = strophe_alloc(conn->ctx, sizeof(*scram_ctx));
|
scram_ctx = strophe_alloc(conn->ctx, sizeof(*scram_ctx));
|
||||||
memset(scram_ctx, 0, sizeof(*scram_ctx));
|
memset(scram_ctx, 0, sizeof(*scram_ctx));
|
||||||
@@ -857,7 +859,8 @@ static void _auth(xmpp_conn_t *conn)
|
|||||||
|
|
||||||
/* SASL algorithm was tried, unset flag */
|
/* SASL algorithm was tried, unset flag */
|
||||||
conn->sasl_support &= ~scram_ctx->alg->mask;
|
conn->sasl_support &= ~scram_ctx->alg->mask;
|
||||||
} else if (conn->sasl_support & SASL_MASK_DIGESTMD5) {
|
} else if ((conn->sasl_support & SASL_MASK_DIGESTMD5) &&
|
||||||
|
conn->weak_auth_enabled) {
|
||||||
auth = _make_sasl_auth(conn, "DIGEST-MD5");
|
auth = _make_sasl_auth(conn, "DIGEST-MD5");
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
disconnect_mem_error(conn);
|
disconnect_mem_error(conn);
|
||||||
@@ -871,7 +874,8 @@ static void _auth(xmpp_conn_t *conn)
|
|||||||
|
|
||||||
/* SASL DIGEST-MD5 was tried, unset flag */
|
/* SASL DIGEST-MD5 was tried, unset flag */
|
||||||
conn->sasl_support &= ~SASL_MASK_DIGESTMD5;
|
conn->sasl_support &= ~SASL_MASK_DIGESTMD5;
|
||||||
} else if (conn->sasl_support & SASL_MASK_PLAIN) {
|
} else if ((conn->sasl_support & SASL_MASK_PLAIN) &&
|
||||||
|
conn->weak_auth_enabled) {
|
||||||
auth = _make_sasl_auth(conn, "PLAIN");
|
auth = _make_sasl_auth(conn, "PLAIN");
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
disconnect_mem_error(conn);
|
disconnect_mem_error(conn);
|
||||||
|
|||||||
@@ -259,6 +259,8 @@ struct _xmpp_conn_t {
|
|||||||
int sasl_support; /* if true, field is a bitfield of supported
|
int sasl_support; /* if true, field is a bitfield of supported
|
||||||
mechanisms */
|
mechanisms */
|
||||||
int auth_legacy_enabled;
|
int auth_legacy_enabled;
|
||||||
|
int weak_auth_enabled;
|
||||||
|
int only_strong_auth;
|
||||||
int secured; /* set when stream is secured with TLS */
|
int secured; /* set when stream is secured with TLS */
|
||||||
xmpp_certfail_handler certfail_handler;
|
xmpp_certfail_handler certfail_handler;
|
||||||
xmpp_password_callback password_callback;
|
xmpp_password_callback password_callback;
|
||||||
|
|||||||
@@ -1133,6 +1133,8 @@ long xmpp_conn_get_flags(const xmpp_conn_t *conn)
|
|||||||
XMPP_CONN_FLAG_DISABLE_SM * conn->sm_disable |
|
XMPP_CONN_FLAG_DISABLE_SM * conn->sm_disable |
|
||||||
XMPP_CONN_FLAG_ENABLE_COMPRESSION * conn->compression.allowed |
|
XMPP_CONN_FLAG_ENABLE_COMPRESSION * conn->compression.allowed |
|
||||||
XMPP_CONN_FLAG_COMPRESSION_DONT_RESET * conn->compression.dont_reset |
|
XMPP_CONN_FLAG_COMPRESSION_DONT_RESET * conn->compression.dont_reset |
|
||||||
|
XMPP_CONN_FLAG_WEAK_AUTH * conn->weak_auth_enabled |
|
||||||
|
XMPP_CONN_FLAG_STRONG_AUTH * conn->only_strong_auth |
|
||||||
XMPP_CONN_FLAG_LEGACY_AUTH * conn->auth_legacy_enabled;
|
XMPP_CONN_FLAG_LEGACY_AUTH * conn->auth_legacy_enabled;
|
||||||
|
|
||||||
return flags;
|
return flags;
|
||||||
@@ -1188,11 +1190,14 @@ int xmpp_conn_set_flags(xmpp_conn_t *conn, long flags)
|
|||||||
(flags & XMPP_CONN_FLAG_ENABLE_COMPRESSION) ? 1 : 0;
|
(flags & XMPP_CONN_FLAG_ENABLE_COMPRESSION) ? 1 : 0;
|
||||||
conn->compression.dont_reset =
|
conn->compression.dont_reset =
|
||||||
(flags & XMPP_CONN_FLAG_COMPRESSION_DONT_RESET) ? 1 : 0;
|
(flags & XMPP_CONN_FLAG_COMPRESSION_DONT_RESET) ? 1 : 0;
|
||||||
|
conn->weak_auth_enabled = (flags & XMPP_CONN_FLAG_WEAK_AUTH) ? 1 : 0;
|
||||||
|
conn->only_strong_auth = (flags & XMPP_CONN_FLAG_STRONG_AUTH) ? 1 : 0;
|
||||||
flags &= ~(XMPP_CONN_FLAG_DISABLE_TLS | XMPP_CONN_FLAG_MANDATORY_TLS |
|
flags &= ~(XMPP_CONN_FLAG_DISABLE_TLS | XMPP_CONN_FLAG_MANDATORY_TLS |
|
||||||
XMPP_CONN_FLAG_LEGACY_SSL | XMPP_CONN_FLAG_TRUST_TLS |
|
XMPP_CONN_FLAG_LEGACY_SSL | XMPP_CONN_FLAG_TRUST_TLS |
|
||||||
XMPP_CONN_FLAG_LEGACY_AUTH | XMPP_CONN_FLAG_DISABLE_SM |
|
XMPP_CONN_FLAG_LEGACY_AUTH | XMPP_CONN_FLAG_DISABLE_SM |
|
||||||
XMPP_CONN_FLAG_ENABLE_COMPRESSION |
|
XMPP_CONN_FLAG_ENABLE_COMPRESSION |
|
||||||
XMPP_CONN_FLAG_COMPRESSION_DONT_RESET);
|
XMPP_CONN_FLAG_COMPRESSION_DONT_RESET |
|
||||||
|
XMPP_CONN_FLAG_WEAK_AUTH | XMPP_CONN_FLAG_STRONG_AUTH);
|
||||||
if (flags) {
|
if (flags) {
|
||||||
strophe_error(conn->ctx, "conn", "Flags 0x%04lx unknown", flags);
|
strophe_error(conn->ctx, "conn", "Flags 0x%04lx unknown", flags);
|
||||||
return XMPP_EINVOP;
|
return XMPP_EINVOP;
|
||||||
|
|||||||
@@ -208,6 +208,14 @@ typedef struct _xmpp_sm_t xmpp_sm_state_t;
|
|||||||
* Only enable this flag if you know what you're doing.
|
* Only enable this flag if you know what you're doing.
|
||||||
*/
|
*/
|
||||||
#define XMPP_CONN_FLAG_COMPRESSION_DONT_RESET (1UL << 7)
|
#define XMPP_CONN_FLAG_COMPRESSION_DONT_RESET (1UL << 7)
|
||||||
|
/** @def XMPP_CONN_FLAG_WEAK_AUTH
|
||||||
|
* Allow weak authentication methods (DIGEST-MD5 and PLAIN).
|
||||||
|
*/
|
||||||
|
#define XMPP_CONN_FLAG_WEAK_AUTH (1UL << 8)
|
||||||
|
/** @def XMPP_CONN_FLAG_STRONG_AUTH
|
||||||
|
* Only allow strong authentication methods (Only the SCRAM-*-PLUS variants).
|
||||||
|
*/
|
||||||
|
#define XMPP_CONN_FLAG_STRONG_AUTH (1UL << 9)
|
||||||
|
|
||||||
/* connect callback */
|
/* connect callback */
|
||||||
typedef enum {
|
typedef enum {
|
||||||
|
|||||||
Reference in New Issue
Block a user