author | Kevin Smith <git@kismith.co.uk> | 2012-02-22 11:00:19 (GMT) |
---|---|---|
committer | Kevin Smith <git@kismith.co.uk> | 2012-02-28 16:02:29 (GMT) |
commit | 0e4f068273ecaa2be24a046812893698a06481bc (patch) | |
tree | 9c3b7dbd3609a866c2123ea0c5a539b5c49d67dd /Swiften/Client/ClientSession.cpp | |
parent | eca0f020873f7620c5125101113e2c1eb25b273e (diff) | |
Make Swift more usable in a FIPS-140 environment
Don't allow DIGEST-MD5 when Windows is set to FIPS mode. Use
platform-provided hashing for SHA1.
Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index bfc9313..81fcf57 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -6,18 +6,20 @@
 #include <Swiften/Client/ClientSession.h>
 #include <boost/bind.hpp>
 #include <boost/uuid/uuid.hpp>
 #include <boost/uuid/uuid_io.hpp>
 #include <boost/uuid/uuid_generators.hpp>
 #include <boost/smart_ptr/make_shared.hpp>
+#include <Swiften/Base/Platform.h>
+#include <Swiften/Base/Log.h>
 #include <Swiften/Elements/ProtocolHeader.h>
 #include <Swiften/Elements/StreamFeatures.h>
 #include <Swiften/Elements/StreamError.h>
 #include <Swiften/Elements/StartTLSRequest.h>
 #include <Swiften/Elements/StartTLSFailure.h>
 #include <Swiften/Elements/TLSProceed.h>
 #include <Swiften/Elements/AuthRequest.h>
 #include <Swiften/Elements/AuthSuccess.h>
 #include <Swiften/Elements/AuthFailure.h>
@@ -35,36 +37,45 @@ #include <Swiften/Elements/IQ.h> #include <Swiften/Elements/ResourceBind.h> #include <Swiften/SASL/PLAINClientAuthenticator.h> #include <Swiften/SASL/SCRAMSHA1ClientAuthenticator.h> #include <Swiften/SASL/DIGESTMD5ClientAuthenticator.h> #include <Swiften/Session/SessionStream.h> #include <Swiften/TLS/CertificateTrustChecker.h> #include <Swiften/TLS/ServerIdentityVerifier.h> +#ifdef SWIFTEN_PLATFORM_WIN32 +#include <Swiften/Base/WindowsRegistry.h> +#endif + namespace Swift { ClientSession::ClientSession( const JID& jid, boost::shared_ptr<SessionStream> stream) : localJID(jid), state(Initial), stream(stream), allowPLAINOverNonTLS(false), useStreamCompression(true), useTLS(UseTLSWhenAvailable), useAcks(true), needSessionStart(false), needResourceBind(false), needAcking(false), rosterVersioningSupported(false), authenticator(NULL), certificateTrustChecker(NULL) { +#ifdef SWIFTEN_PLATFORM_WIN32 +if (WindowsRegistry::isFIPSEnabled()) { + SWIFT_LOG("info") << "Windows is running in FIPS-140 mode. Some authentication methods will be unavailable." << std::endl; +} +#endif } ClientSession::~ClientSession() { } void ClientSession::start() { stream->onStreamStartReceived.connect(boost::bind(&ClientSession::handleStreamStart, shared_from_this(), _1)); stream->onElementReceived.connect(boost::bind(&ClientSession::handleElement, shared_from_this(), _1)); stream->onClosed.connect(boost::bind(&ClientSession::handleStreamClosed, shared_from_this(), _1)); 
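Review bot: The log line added to the constructor says only that "some authentication methods will be unavailable", so an operator cannot connect it to a later `NoSupportedAuthMechanismsError`; naming the mechanism, e.g. `"Windows is running in FIPS-140 mode. DIGEST-MD5 authentication will be unavailable."`, would fix that. The `if (WindowsRegistry::isFIPSEnabled()) {` line and its closing brace also appear to sit at column 0 inside the constructor body while the statement between them is indented; they should be indented one level to match. The value read here is used only for logging and is queried on every `ClientSession` construction. The check that actually enforces the policy appears to be `DIGESTMD5ClientAuthenticator::canBeUsed()` in the `handleElement` hunk, which is defined outside this diff.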
@@ -215,19 +226,19 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { authenticator = scramAuthenticator; state = WaitingForCredentials; onNeedCredentials(); } else if ((stream->isTLSEncrypted() || allowPLAINOverNonTLS) && streamFeatures->hasAuthenticationMechanism("PLAIN")) { authenticator = new PLAINClientAuthenticator(); state = WaitingForCredentials; onNeedCredentials(); } - else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { + else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5") && DIGESTMD5ClientAuthenticator::canBeUsed()) { std::ostringstream s; s << boost::uuids::random_generator()(); // FIXME: Host should probably be the actual host authenticator = new DIGESTMD5ClientAuthenticator(localJID.getDomain(), s.str()); state = WaitingForCredentials; onNeedCredentials(); } else { finishSession(Error::NoSupportedAuthMechanismsError); |
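Review bot: When the server offers only DIGEST-MD5 and `DIGESTMD5ClientAuthenticator::canBeUsed()` returns false, the new condition falls through to `finishSession(Error::NoSupportedAuthMechanismsError)` with nothing at that point recording that local policy, not the server, ruled the mechanism out. Failing closed is the right outcome, but the error is indistinguishable from a server that offers no usable mechanism. A check in the final `else`, such as `if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { SWIFT_LOG("info") << "DIGEST-MD5 was offered but is disabled locally" << std::endl; }`, would make it diagnosable. `canBeUsed()` is defined outside this file, so whether it covers anything beyond the Windows FIPS setting named in the commit message cannot be confirmed from this hunk. `handleElement` starts and ends outside the hunk.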