Handle unexpected challenges.

Resolves: #1132
author: Remko Tronçon <git@el-tramo.be> 2012-06-18 19:00:13 (GMT)
committer: Remko Tronçon <git@el-tramo.be> 2012-06-18 19:00:13 (GMT)
commit: 6080dd4915801b45598268c805b62aa6c723a3a3 (patch)
tree: 56ab5acd5ce2e354eff3a276f5acf87e8da0571f /Swiften/Client/ClientSession.cpp
parent: 7108ff51d73e4e0b38ab2acd139dca90ff4218f4 (diff)
download: swift-contrib-6080dd4915801b45598268c805b62aa6c723a3a3.zip
swift-contrib-6080dd4915801b45598268c805b62aa6c723a3a3.tar.bz2
1 files changed, 20 insertions, 14 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 7e1f517..48e38b9 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -31,29 +31,33 @@
 #include <Swiften/Elements/EnableStreamManagement.h>
 #include <Swiften/Elements/StreamManagementEnabled.h>
 #include <Swiften/Elements/StreamManagementFailed.h>
 #include <Swiften/Elements/StartSession.h>
 #include <Swiften/Elements/StanzaAck.h>
 #include <Swiften/Elements/StanzaAckRequest.h>
 #include <Swiften/Elements/IQ.h>
 #include <Swiften/Elements/ResourceBind.h>
 #include <Swiften/SASL/PLAINClientAuthenticator.h>
+#include <Swiften/SASL/EXTERNALClientAuthenticator.h>
 #include <Swiften/SASL/SCRAMSHA1ClientAuthenticator.h>
 #include <Swiften/SASL/DIGESTMD5ClientAuthenticator.h>
 #include <Swiften/Session/SessionStream.h>
 #include <Swiften/TLS/CertificateTrustChecker.h>
 #include <Swiften/TLS/ServerIdentityVerifier.h>
 #include <Swiften/Base/Log.h>
 
 #ifdef SWIFTEN_PLATFORM_WIN32
 #include <Swiften/Base/WindowsRegistry.h>
 #endif
 
+#define CHECK_STATE_OR_RETURN(a) \
+	if (!checkState(a)) { return; }
+
 namespace Swift {
 
 ClientSession::ClientSession(
 		const JID& jid, 
 		boost::shared_ptr<SessionStream> stream) :
 			localJID(jid),	
 			state(Initial), 
 			stream(stream),
 			allowPLAINOverNonTLS(false),
@@ -95,19 +99,19 @@ void ClientSession::sendStreamHeader() {
 
 void ClientSession::sendStanza(boost::shared_ptr<Stanza> stanza) {
 	stream->writeElement(stanza);
 	if (stanzaAckRequester_) {
 		stanzaAckRequester_->handleStanzaSent(stanza);
 	}
 }
 
 void ClientSession::handleStreamStart(const ProtocolHeader&) {
-	checkState(WaitingForStreamStart);
+	CHECK_STATE_OR_RETURN(WaitingForStreamStart);
 	state = Negotiating;
 }
 
 void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 	if (boost::shared_ptr<Stanza> stanza = boost::dynamic_pointer_cast<Stanza>(element)) {
 		if (stanzaAckResponder_) {
 			stanzaAckResponder_->handleStanzaReceived();
 		}
 		if (getState() == Initialized) {
@@ -176,44 +180,44 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 		boost::shared_ptr<Stanza> stanza = boost::dynamic_pointer_cast<Stanza>(element);
 		if (stanza) {
 			if (stanzaAckResponder_) {
 				stanzaAckResponder_->handleStanzaReceived();
 			}
 			onStanzaReceived(stanza);
 		}
 	}
 	else if (StreamFeatures* streamFeatures = dynamic_cast<StreamFeatures*>(element.get())) {
-		if (!checkState(Negotiating)) {
-			return;
-		}
+		CHECK_STATE_OR_RETURN(Negotiating);
 
 		if (streamFeatures->hasStartTLS() && stream->supportsTLSEncryption() && useTLS != NeverUseTLS) {
 			state = WaitingForEncrypt;
 			stream->writeElement(boost::make_shared<StartTLSRequest>());
 		}
 		else if (useTLS == RequireTLS && !stream->isTLSEncrypted()) {
 			finishSession(Error::NoSupportedAuthMechanismsError);
 		}
 		else if (useStreamCompression && stream->supportsZLibCompression() && streamFeatures->hasCompressionMethod("zlib")) {
 			state = Compressing;
 			stream->writeElement(boost::make_shared<CompressRequest>("zlib"));
 		}
 		else if (streamFeatures->hasAuthenticationMechanisms()) {
 			if (stream->hasTLSCertificate()) {
 				if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
+					authenticator = new EXTERNALClientAuthenticator();
 					state = Authenticating;
 					stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
 				}
 				else {
 					finishSession(Error::TLSClientCertificateError);
 				}
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
+				authenticator = new EXTERNALClientAuthenticator();
 				state = Authenticating;
 				stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) {
 				std::ostringstream s;
 				ByteArray finishMessage;
 				bool plus = stream->isTLSEncrypted() && streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS");
 				if (plus) {
 					finishMessage = stream->getTLSFinishMessage();
@@ -256,19 +260,19 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 				// Resource binding is a MUST
 				finishSession(Error::ResourceBindError);
 			}
 			else {
 				continueSessionInitialization();
 			}
 		}
 	}
 	else if (boost::dynamic_pointer_cast<Compressed>(element)) {
-		checkState(Compressing);
+		CHECK_STATE_OR_RETURN(Compressing);
 		state = WaitingForStreamStart;
 		stream->addZLibCompression();
 		stream->resetXMPPParser();
 		sendStreamHeader();
 	}
 	else if (boost::dynamic_pointer_cast<CompressFailure>(element)) {
 		finishSession(Error::CompressionFailedError);
 	}
 	else if (boost::dynamic_pointer_cast<StreamManagementEnabled>(element)) {
@@ -279,49 +283,46 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 		stanzaAckResponder_->onAck.connect(boost::bind(&ClientSession::ack, shared_from_this(), _1));
 		needAcking = false;
 		continueSessionInitialization();
 	}
 	else if (boost::dynamic_pointer_cast<StreamManagementFailed>(element)) {
 		needAcking = false;
 		continueSessionInitialization();
 	}
 	else if (AuthChallenge* challenge = dynamic_cast<AuthChallenge*>(element.get())) {
-		checkState(Authenticating);
+		CHECK_STATE_OR_RETURN(Authenticating);
 		assert(authenticator);
 		if (authenticator->setChallenge(challenge->getValue())) {
 			stream->writeElement(boost::make_shared<AuthResponse>(authenticator->getResponse()));
 		}
 		else {
 			finishSession(Error::AuthenticationFailedError);
 		}
 	}
 	else if (AuthSuccess* authSuccess = dynamic_cast<AuthSuccess*>(element.get())) {
-		checkState(Authenticating);
-		if (authenticator && !authenticator->setChallenge(authSuccess->getValue())) {
-			delete authenticator;
-			authenticator = NULL;
+		CHECK_STATE_OR_RETURN(Authenticating);
+		assert(authenticator);
+		if (!authenticator->setChallenge(authSuccess->getValue())) {
 			finishSession(Error::ServerVerificationFailedError);
 		}
 		else {
 			state = WaitingForStreamStart;
 			delete authenticator;
 			authenticator = NULL;
 			stream->resetXMPPParser();
 			sendStreamHeader();
 		}
 	}
 	else if (dynamic_cast<AuthFailure*>(element.get())) {
-		delete authenticator;
-		authenticator = NULL;
 		finishSession(Error::AuthenticationFailedError);
 	}
 	else if (dynamic_cast<TLSProceed*>(element.get())) {
-		checkState(WaitingForEncrypt);
+		CHECK_STATE_OR_RETURN(WaitingForEncrypt);
 		state = Encrypting;
 		stream->addTLSEncryption();
 	}
 	else if (dynamic_cast<StartTLSFailure*>(element.get())) {
 		finishSession(Error::TLSError);
 	}
 	else {
 		// FIXME Not correct?
 		state = Initialized;
@@ -356,25 +357,26 @@ bool ClientSession::checkState(State state) {
 	if (this->state != state) {
 		finishSession(Error::UnexpectedElementError);
 		return false;
 	}
 	return true;
 }
 
 void ClientSession::sendCredentials(const SafeByteArray& password) {
 	assert(WaitingForCredentials);
+	assert(authenticator);
 	state = Authenticating;
 	authenticator->setCredentials(localJID.getNode(), password);
 	stream->writeElement(boost::make_shared<AuthRequest>(authenticator->getName(), authenticator->getResponse()));
 }
 
 void ClientSession::handleTLSEncrypted() {
-	checkState(Encrypting);
+	CHECK_STATE_OR_RETURN(Encrypting);
 
 	std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
 	boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
 	if (verificationError) {
 		checkTrustOrFinish(certificateChain, verificationError);
 	}
 	else {
 		ServerIdentityVerifier identityVerifier(localJID);
 		if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0])) {
@@ -442,18 +444,22 @@ void ClientSession::finishSession(boost::shared_ptr<Swift::Error> error) {
 		error_ = error;
 	}
 	else {
 		SWIFT_LOG(warning) << "Session finished twice";
 	}
 	assert(stream->isOpen());
 	if (stanzaAckResponder_) {
 		stanzaAckResponder_->handleAckRequestReceived();
 	}
+	if (authenticator) {
+		delete authenticator;
+		authenticator = NULL;
+	}
 	stream->writeFooter();
 	stream->close();
 }
 
 void ClientSession::requestAck() {
 	stream->writeElement(boost::make_shared<StanzaAckRequest>());
 }
 
 void ClientSession::handleStanzaAcked(boost::shared_ptr<Stanza> stanza) {
author	Remko Tronçon <git@el-tramo.be>	2012-06-18 19:00:13 (GMT)
committer	Remko Tronçon <git@el-tramo.be>	2012-06-18 19:00:13 (GMT)
commit	6080dd4915801b45598268c805b62aa6c723a3a3 (patch)
tree	56ab5acd5ce2e354eff3a276f5acf87e8da0571f /Swiften/Client/ClientSession.cpp
parent	7108ff51d73e4e0b38ab2acd139dca90ff4218f4 (diff)
download	swift-contrib-6080dd4915801b45598268c805b62aa6c723a3a3.zip swift-contrib-6080dd4915801b45598268c805b62aa6c723a3a3.tar.bz2