Commit 42c48c38 authored by Dave Cridland's avatar Dave Cridland Committed by GitHub

Merge pull request #692 from surevine/pr-642

OF-1236 Handle and generate single equals sign in SASL exchanges properly
parents 9ffd6c26 908f3a79
...@@ -305,7 +305,7 @@ public class SASLAuthentication { ...@@ -305,7 +305,7 @@ public class SASLAuthentication {
// Decode any data that is provided in the client response. // Decode any data that is provided in the client response.
final String encoded = doc.getTextTrim(); final String encoded = doc.getTextTrim();
final byte[] decoded; final byte[] decoded;
if ( encoded == null || encoded.isEmpty() ) if ( encoded == null || encoded.isEmpty() || encoded.equals("=") ) // java SaslServer cannot handle a null.
{ {
decoded = new byte[ 0 ]; decoded = new byte[ 0 ];
} }
...@@ -404,22 +404,31 @@ public class SASLAuthentication { ...@@ -404,22 +404,31 @@ public class SASLAuthentication {
return false; return false;
} }
private static void sendChallenge(Session session, byte[] challenge) { private static void sendElement(Session session, String element, byte[] data) {
StringBuilder reply = new StringBuilder(250); StringBuilder reply = new StringBuilder(250);
if (challenge == null) { reply.append("<");
challenge = new byte[0]; reply.append(element);
} reply.append(" xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"");
String challenge_b64 = StringUtils.encodeBase64(challenge).trim(); if (data != null) {
if ("".equals(challenge_b64)) { reply.append(">");
challenge_b64 = "="; // Must be padded if null String data_b64 = StringUtils.encodeBase64(data).trim();
if ("".equals(data_b64)) {
data_b64 = "=";
}
reply.append(data_b64);
reply.append("</");
reply.append(element);
reply.append(">");
} else {
reply.append("/>");
} }
reply.append(
"<challenge xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
reply.append(challenge_b64);
reply.append("</challenge>");
session.deliverRawText(reply.toString()); session.deliverRawText(reply.toString());
} }
private static void sendChallenge(Session session, byte[] challenge) {
sendElement(session, "challenge", challenge);
}
private static void authenticationSuccessful(LocalSession session, String username, private static void authenticationSuccessful(LocalSession session, String username,
byte[] successData) { byte[] successData) {
if (username != null && LockOutManager.getInstance().isAccountDisabled(username)) { if (username != null && LockOutManager.getInstance().isAccountDisabled(username)) {
...@@ -428,16 +437,7 @@ public class SASLAuthentication { ...@@ -428,16 +437,7 @@ public class SASLAuthentication {
authenticationFailed(session, Failure.ACCOUNT_DISABLED); authenticationFailed(session, Failure.ACCOUNT_DISABLED);
return; return;
} }
StringBuilder reply = new StringBuilder(80); sendElement(session, "success", successData);
reply.append("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"");
if (successData != null) {
String successData_b64 = StringUtils.encodeBase64(successData).trim();
reply.append('>').append(successData_b64).append("</success>");
}
else {
reply.append("/>");
}
session.deliverRawText( reply.toString() );
// We only support SASL for c2s // We only support SASL for c2s
if (session instanceof ClientSession) { if (session instanceof ClientSession) {
((LocalClientSession) session).setAuthToken(new AuthToken(username)); ((LocalClientSession) session).setAuthToken(new AuthToken(username));
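Review bot: In the second hunk, `sendChallenge` now passes a null `challenge` straight to `sendElement`, which emits a self-closing `<challenge .../>` for null data. The removed code coerced null to an empty array and sent `=`, so the zero-length encoding this commit is meant to fix is no longer guaranteed on the challenge path. Whether a null can still reach it is not visible here; if it can, keep the old behaviour with `sendElement(session, "challenge", challenge == null ? new byte[0] : challenge);`. Separately, `sendElement` writes `element` unescaped into the text handed to `deliverRawText`, which is safe only while both callers pass literals. A comment such as `// element must be a compile-time literal; it is written to the stream unescaped` would record that constraint for future callers.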