diff options
author | Remko Tronçon <git@el-tramo.be> | 2010-05-08 17:01:12 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2010-05-08 17:01:12 (GMT) |
commit | eb6a3e659254de70b7c45627e7e0f4f53b737d04 (patch) | |
tree | 09152371318a66feb4e8b0c936255bab17b74a91 /Swiften/Client | |
parent | d233ec7a863fb0b9a6f20ea0aa52c7c0ea38e2fd (diff) | |
download | swift-contrib-eb6a3e659254de70b7c45627e7e0f4f53b737d04.zip swift-contrib-eb6a3e659254de70b7c45627e7e0f4f53b737d04.tar.bz2 |
Don't allow PLAIN over Non-TLS.
Diffstat (limited to 'Swiften/Client')
-rw-r--r-- | Swiften/Client/ClientSession.cpp | 11 | ||||
-rw-r--r-- | Swiften/Client/ClientSession.h | 5 | ||||
-rw-r--r-- | Swiften/Client/UnitTest/ClientSessionTest.cpp | 18 |
3 files changed, 29 insertions, 5 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index a255cef..5e2cd84 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp @@ -40,6 +40,7 @@ ClientSession::ClientSession( localJID(jid), state(Initial), stream(stream), + allowPLAINOverNonTLS(false), needSessionStart(false), authenticator(NULL) { } @@ -108,6 +109,11 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { state = WaitingForCredentials; onNeedCredentials(); } + else if ((stream->isTLSEncrypted() || allowPLAINOverNonTLS) && streamFeatures->hasAuthenticationMechanism("PLAIN")) { + authenticator = new PLAINClientAuthenticator(); + state = WaitingForCredentials; + onNeedCredentials(); + } else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) { std::ostringstream s; s << boost::uuids::random_generator()(); @@ -116,11 +122,6 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) { state = WaitingForCredentials; onNeedCredentials(); } - else if (streamFeatures->hasAuthenticationMechanism("PLAIN")) { - authenticator = new PLAINClientAuthenticator(); - state = WaitingForCredentials; - onNeedCredentials(); - } else { finishSession(Error::NoSupportedAuthMechanismsError); } diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h index fa52706..37f8bea 100644 --- a/Swiften/Client/ClientSession.h +++ b/Swiften/Client/ClientSession.h @@ -61,6 +61,10 @@ namespace Swift { return state; } + void setAllowPLAINOverNonTLS(bool b) { + allowPLAINOverNonTLS = b; + } + void start(); void finish(); @@ -100,6 +104,7 @@ namespace Swift { JID localJID; State state; boost::shared_ptr<SessionStream> stream; + bool allowPLAINOverNonTLS; bool needSessionStart; ClientAuthenticator* authenticator; }; diff --git a/Swiften/Client/UnitTest/ClientSessionTest.cpp b/Swiften/Client/UnitTest/ClientSessionTest.cpp index 8e0a85d..180eab8 100644 --- a/Swiften/Client/UnitTest/ClientSessionTest.cpp +++ b/Swiften/Client/UnitTest/ClientSessionTest.cpp @@ -138,6 +138,19 @@ class ClientSessionTest : public CppUnit::TestFixture { CPPUNIT_ASSERT(sessionFinishedError); } + void testAuthenticate_PLAINOverNonTLS() { + boost::shared_ptr<ClientSession> session(createSession()); + session->setAllowPLAINOverNonTLS(false); + session->start(); + server->receiveStreamStart(); + server->sendStreamStart(); + server->sendStreamFeaturesWithPLAINAuthentication(); + + CPPUNIT_ASSERT_EQUAL(ClientSession::Finished, session->getState()); + CPPUNIT_ASSERT(sessionFinishedReceived); + CPPUNIT_ASSERT(sessionFinishedError); + } + void testAuthenticate_NoValidAuthMechanisms() { boost::shared_ptr<ClientSession> session(createSession()); session->start(); @@ -155,6 +168,7 @@ class ClientSessionTest : public CppUnit::TestFixture { boost::shared_ptr<ClientSession> session = ClientSession::create(JID("me@foo.com"), server); session->onFinished.connect(boost::bind(&ClientSessionTest::handleSessionFinished, this, _1)); session->onNeedCredentials.connect(boost::bind(&ClientSessionTest::handleSessionNeedCredentials, this)); + session->setAllowPLAINOverNonTLS(true); return session; } @@ -206,6 +220,10 @@ class ClientSessionTest : public CppUnit::TestFixture { tlsEncrypted = true; } + virtual bool isTLSEncrypted() { + return tlsEncrypted; + } + virtual void addZLibCompression() { compressed = true; } |