Commit 5dbb9cc0 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Added support for EXTERNAL SASL for s2s. JM-396

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@2864 b35dd754-fafc-0310-a699-88a17e54d16e
parent 524afcf3
...@@ -17,6 +17,7 @@ import org.dom4j.io.XPPPacketReader; ...@@ -17,6 +17,7 @@ import org.dom4j.io.XPPPacketReader;
import org.jivesoftware.messenger.ClientSession; import org.jivesoftware.messenger.ClientSession;
import org.jivesoftware.messenger.Session; import org.jivesoftware.messenger.Session;
import org.jivesoftware.messenger.XMPPServer; import org.jivesoftware.messenger.XMPPServer;
import org.jivesoftware.messenger.server.IncomingServerSession;
import org.jivesoftware.messenger.user.UserManager; import org.jivesoftware.messenger.user.UserManager;
import org.jivesoftware.messenger.auth.AuthFactory; import org.jivesoftware.messenger.auth.AuthFactory;
import org.jivesoftware.messenger.auth.AuthToken; import org.jivesoftware.messenger.auth.AuthToken;
...@@ -24,6 +25,7 @@ import org.jivesoftware.messenger.auth.UnauthorizedException; ...@@ -24,6 +25,7 @@ import org.jivesoftware.messenger.auth.UnauthorizedException;
import org.jivesoftware.util.Log; import org.jivesoftware.util.Log;
import org.jivesoftware.util.StringUtils; import org.jivesoftware.util.StringUtils;
import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.JID;
import javax.security.sasl.Sasl; import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException; import javax.security.sasl.SaslException;
...@@ -114,8 +116,8 @@ public class SASLAuthentication { ...@@ -114,8 +116,8 @@ public class SASLAuthentication {
if (XMPPServer.getInstance().getIQAuthHandler().isAllowAnonymous()) { if (XMPPServer.getInstance().getIQAuthHandler().isAllowAnonymous()) {
sb.append("<mechanism>ANONYMOUS</mechanism>"); sb.append("<mechanism>ANONYMOUS</mechanism>");
} }
if (session.getConnection().isSecure()) { if (session.getConnection().isSecure() && session instanceof IncomingServerSession) {
//sb.append("<mechanism>EXTERNAL</mechanism>"); sb.append("<mechanism>EXTERNAL</mechanism>");
} }
sb.append("</mechanisms>"); sb.append("</mechanisms>");
return sb.toString(); return sb.toString();
...@@ -141,6 +143,10 @@ public class SASLAuthentication { ...@@ -141,6 +143,10 @@ public class SASLAuthentication {
success = doAnonymousAuthentication(); success = doAnonymousAuthentication();
isComplete = true; isComplete = true;
} }
else if (mechanism.equalsIgnoreCase("EXTERNAL")) {
success = doExternalAuthentication(doc);
isComplete = true;
}
else { else {
// The selected SASL mechanism requires the server to send a challenge // The selected SASL mechanism requires the server to send a challenge
// to the client // to the client
...@@ -252,6 +258,34 @@ public class SASLAuthentication { ...@@ -252,6 +258,34 @@ public class SASLAuthentication {
} }
} }
private boolean doExternalAuthentication(Element doc) throws DocumentException, IOException,
XmlPullParserException {
// Only accept EXTERNAL SASL for s2s
if (!(session instanceof IncomingServerSession)) {
return false;
}
String hostname = doc.getTextTrim();
if (hostname != null && hostname.length() > 0) {
// TODO Check that the hostname matches the one provided in the certificate
authenticationSuccessful(StringUtils.decodeBase64(hostname));
return true;
}
else {
// No hostname was provided so send a challenge to get it
sendChallenge(new byte[0]);
// Get the next answer since we are not done yet
doc = reader.parseDocument().getRootElement();
if (doc != null && doc.getTextTrim().length() > 0) {
authenticationSuccessful(StringUtils.decodeBase64(doc.getTextTrim()));
return true;
}
else {
authenticationFailed();
return false;
}
}
}
private void sendChallenge(byte[] challenge) { private void sendChallenge(byte[] challenge) {
StringBuilder reply = new StringBuilder(); StringBuilder reply = new StringBuilder();
reply.append( reply.append(
...@@ -269,6 +303,14 @@ public class SASLAuthentication { ...@@ -269,6 +303,14 @@ public class SASLAuthentication {
if (session instanceof ClientSession) { if (session instanceof ClientSession) {
((ClientSession) session).setAuthToken(new AuthToken(username)); ((ClientSession) session).setAuthToken(new AuthToken(username));
} }
else if (session instanceof IncomingServerSession) {
String hostname = username;
// Set the first validated domain as the address of the session
session.setAddress(new JID(null, hostname, null));
// Add the validated domain as a valid domain. The remote server can
// now send packets from this address
((IncomingServerSession) session).addValidatedDomain(hostname);
}
} }
private void authenticationFailed() { private void authenticationFailed() {
......
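Review bot: doExternalAuthentication authenticates the peer as whatever base64 string it supplies without comparing it to the TLS peer certificate — the `// TODO Check that the hostname matches the one provided in the certificate` comment concedes this — and authenticationSuccessful then calls `addValidatedDomain(hostname)`, so any server that merely completes a TLS handshake can claim an arbitrary domain and send packets from it. The handler also gates only on `session instanceof IncomingServerSession`; unlike the mechanism advertisement it never re-checks `session.getConnection().isSecure()`, so a peer that sends `<auth mechanism='EXTERNAL'>` on an unencrypted stream is still accepted, and `if (!session.getConnection().isSecure()) { return false; }` should join the instanceof guard. Before `authenticationSuccessful(...)` is called in either branch, the decoded name should be verified against the names in the presented peer certificate (whether the Connection exposes the peer certificate chain is not visible here) and otherwise fall through to `authenticationFailed()`. The decoded bytes are used unvalidated as a JID domain, so an undecodable or malformed value presumably reaches `new JID(null, hostname, null)` in authenticationSuccessful unchecked. The body of authenticationSuccessful begins before its hunk, so the caller context for the new IncomingServerSession branch is not visible.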