From 4417a63a1acdf5f6e78655e8ae377bc24d5d8f02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Remko=20Tron=C3=A7on?= Date: Fri, 20 Nov 2009 23:53:40 +0100 Subject: Implement SCRAM-SHA1. Actually found out that I implemented the old RFC. Need to reimplement SCRAM-SHA1 from scratch based on http://tools.ietf.org/html/draft-ietf-sasl-scram-10 Disabling for now. diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp index 06a7617..f4c4a22 100644 --- a/Swiften/Client/ClientSession.cpp +++ b/Swiften/Client/ClientSession.cpp @@ -10,10 +10,13 @@ #include "Swiften/Elements/AuthRequest.h" #include "Swiften/Elements/AuthSuccess.h" #include "Swiften/Elements/AuthFailure.h" +#include "Swiften/Elements/AuthChallenge.h" +#include "Swiften/Elements/AuthResponse.h" #include "Swiften/Elements/StartSession.h" #include "Swiften/Elements/IQ.h" #include "Swiften/Elements/ResourceBind.h" #include "Swiften/SASL/PLAINClientAuthenticator.h" +#include "Swiften/SASL/SCRAMSHA1ClientAuthenticator.h" #include "Swiften/Session/SessionStream.h" namespace Swift { @@ -77,6 +80,12 @@ void ClientSession::handleElement(boost::shared_ptr element) { finishSession(Error::TLSClientCertificateError); } } + /*else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1")) { + // FIXME: Use a real nonce + authenticator = new SCRAMSHA1ClientAuthenticator(ByteArray("\x01\x02\x03\x04\x05\x06\x07\x08", 8)); + state = WaitingForCredentials; + onNeedCredentials(); + }*/ else if (streamFeatures->hasAuthenticationMechanism("PLAIN")) { authenticator = new PLAINClientAuthenticator(); state = WaitingForCredentials; @@ -111,6 +120,16 @@ void ClientSession::handleElement(boost::shared_ptr element) { } } } + else if (AuthChallenge* challenge = dynamic_cast(element.get())) { + checkState(Authenticating); + assert(authenticator); + if (authenticator->setChallenge(challenge->getValue())) { + stream->writeElement(boost::shared_ptr(new AuthResponse(authenticator->getResponse()))); + } + else { + finishSession(Error::AuthenticationFailedError); + } + } else if (dynamic_cast(element.get())) { checkState(Authenticating); state = WaitingForStreamStart; diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 3109f56..f5c55c0 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -7,7 +7,7 @@ namespace Swift { -SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const ByteArray& nonce) : ClientAuthenticator("SCRAM-SHA1"), step(Initial), clientnonce(nonce) { +SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const ByteArray& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { } ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const { -- cgit v0.10.2-6-g49f6