authorRemko Tronçon <git@el-tramo.be>2010-05-08 17:01:12 (GMT)
committerRemko Tronçon <git@el-tramo.be>2010-05-08 17:01:12 (GMT)
commiteb6a3e659254de70b7c45627e7e0f4f53b737d04 (patch)
tree09152371318a66feb4e8b0c936255bab17b74a91 /Swiften/Client/ClientSession.cpp
parentd233ec7a863fb0b9a6f20ea0aa52c7c0ea38e2fd (diff)
Don't allow PLAIN over Non-TLS.
Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r--Swiften/Client/ClientSession.cpp11
1 files changed, 6 insertions, 5 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index a255cef..5e2cd84 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -40,6 +40,7 @@ ClientSession::ClientSession(
localJID(jid),
state(Initial),
stream(stream),
+ allowPLAINOverNonTLS(false),
needSessionStart(false),
authenticator(NULL) {
}
@@ -108,6 +109,11 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
state = WaitingForCredentials;
onNeedCredentials();
}
+ else if ((stream->isTLSEncrypted() || allowPLAINOverNonTLS) && streamFeatures->hasAuthenticationMechanism("PLAIN")) {
+ authenticator = new PLAINClientAuthenticator();
+ state = WaitingForCredentials;
+ onNeedCredentials();
+ }
else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) {
std::ostringstream s;
s << boost::uuids::random_generator()();
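Review bot: Placing the PLAIN branch ahead of the DIGEST-MD5 branch means that when `allowPLAINOverNonTLS` is set and the stream is not encrypted, the client picks PLAIN even if the server also offers DIGEST-MD5, so the password is sent in cleartext although a challenge-response mechanism was available. Keeping only the TLS test here, `else if (stream->isTLSEncrypted() && streamFeatures->hasAuthenticationMechanism("PLAIN")) {`, and adding the opt-in fallback after the DIGEST-MD5 branch as `else if (allowPLAINOverNonTLS && streamFeatures->hasAuthenticationMechanism("PLAIN")) {` with the same body would preserve the previous preference on unencrypted streams. A short comment above the condition should record why PLAIN is gated, for example `// PLAIN sends the password unprotected: require TLS unless the caller opted in`. Whether `isTLSEncrypted()` also implies that the server certificate was verified is not visible in this diff and is worth confirming. `handleElement` begins and ends outside this hunk.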
@@ -116,11 +122,6 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
state = WaitingForCredentials;
onNeedCredentials();
}
- else if (streamFeatures->hasAuthenticationMechanism("PLAIN")) {
- authenticator = new PLAINClientAuthenticator();
- state = WaitingForCredentials;
- onNeedCredentials();
- }
else {
finishSession(Error::NoSupportedAuthMechanismsError);
}