Merge pull request #557 from guusdk/OF-1092

OF-1092 Various fixes

Merge pull request #557 from guusdk/OF-1092
OF-1092 Various fixes
25f2eba6 · Guus der Kinderen · 7adf9c58 · 10e0cc48 · 25f2eba6 · 25f2eba6
Commit 25f2eba6 authored Mar 07, 2016 by Guus der Kinderen
3 changed files
--- a/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
+++ b/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
@@ -230,7 +230,7 @@ public class SASLAuthentication {
                    // Construct the configuration properties
                    final Map<String, Object> props = new HashMap<>();
                    props.put( LocalClientSession.class.getCanonicalName(), session );
-                    props.put( Sasl.POLICY_NOANONYMOUS, !XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed() );
+                    props.put( Sasl.POLICY_NOANONYMOUS, Boolean.toString( !XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed() ) );

                    SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", session.getServerName(), props, new XMPPCallbackHandler() );
                    if ( saslServer == null )

--- a/src/java/org/jivesoftware/openfire/sasl/SaslProvider.java
+++ b/src/java/org/jivesoftware/openfire/sasl/SaslProvider.java
@@ -33,11 +33,14 @@ public class SaslProvider extends Provider {
    /**
     * Constructs a the JiveSoftware SASL provider.
     */
-    public SaslProvider() {
-        super("JiveSoftware", 1.0, "JiveSoftware SASL provider v1.0, implementing server mechanisms for: PLAIN, SCRAM-SHA-1");
-        // Add SaslServer supporting the PLAIN SASL mechanism
-        put("SaslServerFactory.PLAIN", "org.jivesoftware.openfire.sasl.SaslServerFactoryImpl");
-        // Add SaslServer supporting the SCRAM-SHA-1 SASL mechanism
-        put("SaslServerFactory.SCRAM-SHA-1", "org.jivesoftware.openfire.sasl.SaslServerFactoryImpl");
+    public SaslProvider()
+    {
+        super("JiveSoftware", 1.1, "JiveSoftware Openfire SASL provider v1.1" );
+
+        final SaslServerFactoryImpl serverFactory = new SaslServerFactoryImpl();
+        for ( final String name : serverFactory.getMechanismNames( null ) )
+        {
+            put( "SaslServerFactory." + name, serverFactory.getClass().getCanonicalName() );
+        }
    }
 }
\ No newline at end of file
--- a/src/java/org/jivesoftware/openfire/sasl/SaslServerFactoryImpl.java
+++ b/src/java/org/jivesoftware/openfire/sasl/SaslServerFactoryImpl.java
@@ -55,8 +55,8 @@ public class SaslServerFactoryImpl implements SaslServerFactory
    public SaslServerFactoryImpl()
    {
        allMechanisms = new HashSet<>();
-        allMechanisms.add( new Mechanism( "PLAIN", true, true ) );
-        allMechanisms.add( new Mechanism( "SCRAM_SHA_1", false, false ) );
+        allMechanisms.add( new Mechanism( "PLAIN", false, true ) );
+        allMechanisms.add( new Mechanism( "SCRAM-SHA-1", false, false ) );
        allMechanisms.add( new Mechanism( "JIVE-SHAREDSECRET", true, false ) );
        allMechanisms.add( new Mechanism( "EXTERNAL", false, false ) );
    }
@@ -73,14 +73,14 @@ public class SaslServerFactoryImpl implements SaslServerFactory
        switch ( mechanism.toUpperCase() )
        {
            case "PLAIN":
-                if ( cbh != null )
+                if ( cbh == null )
                {
                    Log.debug( "Unable to instantiate {} SaslServer: A callbackHandler with support for Password, Name, and AuthorizeCallback required.", mechanism );
                    return null;
                }
                return new SaslServerPlainImpl( protocol, serverName, props, cbh );

-            case "SCRAM_SHA_1":
+            case "SCRAM-SHA-1":
                return new ScramSha1SaslServer();

            case "ANONYMOUS":
@@ -132,16 +132,19 @@ public class SaslServerFactoryImpl implements SaslServerFactory

        for ( final Mechanism mechanism : allMechanisms )
        {
-            if ( mechanism.allowsAnonymous && props.containsKey( Sasl.POLICY_NOANONYMOUS ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOANONYMOUS ) ) )
+            if ( props != null )
            {
-                // Do not include a mechanism that allows anonymous authentication when the 'no anonymous' policy is set.
-                continue;
-            }
+                if ( mechanism.allowsAnonymous && props.containsKey( Sasl.POLICY_NOANONYMOUS ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOANONYMOUS ) ) )
+                {
+                    // Do not include a mechanism that allows anonymous authentication when the 'no anonymous' policy is set.
+                    continue;
+                }

-            if ( mechanism.isPlaintext && props.containsKey( Sasl.POLICY_NOPLAINTEXT ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOPLAINTEXT ) ) )
-            {
-                // Do not include a mechanism that is susceptible to simple plain passive attacks when the 'no plaintext' policy is set.
-                continue;
+                if ( mechanism.isPlaintext && props.containsKey( Sasl.POLICY_NOPLAINTEXT ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOPLAINTEXT ) ) )
+                {
+                    // Do not include a mechanism that is susceptible to simple plain passive attacks when the 'no plaintext' policy is set.
+                    continue;
+                }
            }

            // Mechanism passed all filters. It should be part of the result.