Commit 25f2eba6 authored by Guus der Kinderen's avatar Guus der Kinderen

Merge pull request #557 from guusdk/OF-1092

OF-1092 Various fixes
parents 7adf9c58 10e0cc48
...@@ -230,7 +230,7 @@ public class SASLAuthentication { ...@@ -230,7 +230,7 @@ public class SASLAuthentication {
// Construct the configuration properties // Construct the configuration properties
final Map<String, Object> props = new HashMap<>(); final Map<String, Object> props = new HashMap<>();
props.put( LocalClientSession.class.getCanonicalName(), session ); props.put( LocalClientSession.class.getCanonicalName(), session );
props.put( Sasl.POLICY_NOANONYMOUS, !XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed() ); props.put( Sasl.POLICY_NOANONYMOUS, Boolean.toString( !XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed() ) );
SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", session.getServerName(), props, new XMPPCallbackHandler() ); SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", session.getServerName(), props, new XMPPCallbackHandler() );
if ( saslServer == null ) if ( saslServer == null )
......
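Review bot: The new `Boolean.toString( ... )` on the `Sasl.POLICY_NOANONYMOUS` line has no comment saying why the value must be a String, so a later cleanup could turn it back into a `Boolean`. The factory's filter shown later in this commit reads the property with `(String) props.get( Sasl.POLICY_NOANONYMOUS )`, and the javax.security.sasl policy properties are documented as the strings "true"/"false". I would add above the put: `// SASL policy properties are the Strings "true"/"false"; SaslServerFactoryImpl casts the value to String.` Only the no-anonymous policy is set in the visible lines, so it is worth confirming whether `Sasl.POLICY_NOPLAINTEXT` is meant to be set here too. The enclosing method starts and ends outside the visible lines.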
...@@ -33,11 +33,14 @@ public class SaslProvider extends Provider { ...@@ -33,11 +33,14 @@ public class SaslProvider extends Provider {
/** /**
* Constructs a the JiveSoftware SASL provider. * Constructs a the JiveSoftware SASL provider.
*/ */
public SaslProvider() { public SaslProvider()
super("JiveSoftware", 1.0, "JiveSoftware SASL provider v1.0, implementing server mechanisms for: PLAIN, SCRAM-SHA-1"); {
// Add SaslServer supporting the PLAIN SASL mechanism super("JiveSoftware", 1.1, "JiveSoftware Openfire SASL provider v1.1" );
put("SaslServerFactory.PLAIN", "org.jivesoftware.openfire.sasl.SaslServerFactoryImpl");
// Add SaslServer supporting the SCRAM-SHA-1 SASL mechanism final SaslServerFactoryImpl serverFactory = new SaslServerFactoryImpl();
put("SaslServerFactory.SCRAM-SHA-1", "org.jivesoftware.openfire.sasl.SaslServerFactoryImpl"); for ( final String name : serverFactory.getMechanismNames( null ) )
{
put( "SaslServerFactory." + name, serverFactory.getClass().getCanonicalName() );
}
} }
} }
\ No newline at end of file
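Review bot: `serverFactory.getMechanismNames( null )` in the new constructor passes null properties, which skips both policy filters in the factory. The provider therefore registers every entry in `allMechanisms` (JIVE-SHAREDSECRET and EXTERNAL as well as PLAIN and SCRAM-SHA-1), where the old code registered only two. That looks intended, but registration no longer limits what can be requested through this provider, and the call relies on the `props != null` guard added to getMechanismNames in this same commit. A comment on the loop would make that explicit, e.g. `// null props = no policy filtering: every mechanism the factory knows is registered here.` The Javadoc typo "Constructs a the" could be fixed in the same change.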
...@@ -55,8 +55,8 @@ public class SaslServerFactoryImpl implements SaslServerFactory ...@@ -55,8 +55,8 @@ public class SaslServerFactoryImpl implements SaslServerFactory
public SaslServerFactoryImpl() public SaslServerFactoryImpl()
{ {
allMechanisms = new HashSet<>(); allMechanisms = new HashSet<>();
allMechanisms.add( new Mechanism( "PLAIN", true, true ) ); allMechanisms.add( new Mechanism( "PLAIN", false, true ) );
allMechanisms.add( new Mechanism( "SCRAM_SHA_1", false, false ) ); allMechanisms.add( new Mechanism( "SCRAM-SHA-1", false, false ) );
allMechanisms.add( new Mechanism( "JIVE-SHAREDSECRET", true, false ) ); allMechanisms.add( new Mechanism( "JIVE-SHAREDSECRET", true, false ) );
allMechanisms.add( new Mechanism( "EXTERNAL", false, false ) ); allMechanisms.add( new Mechanism( "EXTERNAL", false, false ) );
} }
...@@ -73,14 +73,14 @@ public class SaslServerFactoryImpl implements SaslServerFactory ...@@ -73,14 +73,14 @@ public class SaslServerFactoryImpl implements SaslServerFactory
switch ( mechanism.toUpperCase() ) switch ( mechanism.toUpperCase() )
{ {
case "PLAIN": case "PLAIN":
if ( cbh != null ) if ( cbh == null )
{ {
Log.debug( "Unable to instantiate {} SaslServer: A callbackHandler with support for Password, Name, and AuthorizeCallback required.", mechanism ); Log.debug( "Unable to instantiate {} SaslServer: A callbackHandler with support for Password, Name, and AuthorizeCallback required.", mechanism );
return null; return null;
} }
return new SaslServerPlainImpl( protocol, serverName, props, cbh ); return new SaslServerPlainImpl( protocol, serverName, props, cbh );
case "SCRAM_SHA_1": case "SCRAM-SHA-1":
return new ScramSha1SaslServer(); return new ScramSha1SaslServer();
case "ANONYMOUS": case "ANONYMOUS":
...@@ -132,16 +132,19 @@ public class SaslServerFactoryImpl implements SaslServerFactory ...@@ -132,16 +132,19 @@ public class SaslServerFactoryImpl implements SaslServerFactory
for ( final Mechanism mechanism : allMechanisms ) for ( final Mechanism mechanism : allMechanisms )
{ {
if ( mechanism.allowsAnonymous && props.containsKey( Sasl.POLICY_NOANONYMOUS ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOANONYMOUS ) ) ) if ( props != null )
{ {
// Do not include a mechanism that allows anonymous authentication when the 'no anonymous' policy is set. if ( mechanism.allowsAnonymous && props.containsKey( Sasl.POLICY_NOANONYMOUS ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOANONYMOUS ) ) )
continue; {
} // Do not include a mechanism that allows anonymous authentication when the 'no anonymous' policy is set.
continue;
}
if ( mechanism.isPlaintext && props.containsKey( Sasl.POLICY_NOPLAINTEXT ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOPLAINTEXT ) ) ) if ( mechanism.isPlaintext && props.containsKey( Sasl.POLICY_NOPLAINTEXT ) && Boolean.parseBoolean( (String) props.get( Sasl.POLICY_NOPLAINTEXT ) ) )
{ {
// Do not include a mechanism that is susceptible to simple plain passive attacks when the 'no plaintext' policy is set. // Do not include a mechanism that is susceptible to simple plain passive attacks when the 'no plaintext' policy is set.
continue; continue;
}
} }
// Mechanism passed all filters. It should be part of the result. // Mechanism passed all filters. It should be part of the result.
......
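Review bot: In getMechanismNames the policy checks still read the value with `(String) props.get( Sasl.POLICY_NOANONYMOUS )`, and likewise for `Sasl.POLICY_NOPLAINTEXT`, so any caller that stores a `Boolean` gets a ClassCastException. The SASLAuthentication change in this commit avoids that at one call site only. Because these checks decide whether anonymous or plaintext mechanisms are offered, I would make the read type-tolerant, `Boolean.parseBoolean( String.valueOf( props.get( Sasl.POLICY_NOANONYMOUS ) ) )`, keeping the `containsKey` test so a missing key still means "policy not set". Separately, `mechanism.toUpperCase()` in the switch uses the default locale; `toUpperCase( Locale.ROOT )` keeps the case labels matching under any locale and needs `java.util.Locale` in scope. Both method bodies start and end outside the visible hunks.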