--- /tmp/jabberd-2.2.13/c2s/authreg.c 2011-02-23 08:24:34.000000000 -0800 +++ ./jabberd2/c2s/authreg.c 2011-03-01 10:13:14.000000000 -0800 @@ -27,6 +27,8 @@ #include <dlfcn.h> #endif +#include "auth_event.h" + /* authreg module manager */ typedef struct _authreg_error_st { @@ -121,7 +123,7 @@ void authreg_free(authreg_t ar) { /** auth get handler */ static void _authreg_auth_get(c2s_t c2s, sess_t sess, nad_t nad) { - int ns, elem, attr; + int ns, elem, attr, err; char username[1024], id[128]; int ar_mechs; @@ -155,7 +157,7 @@ static void _authreg_auth_get(c2s_t c2s, ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms; /* no point going on if we have no mechanisms */ - if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST))) { + if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST | AR_MECH_TRAD_CRAMMD5))) { sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0)); return; } @@ -199,6 +201,19 @@ static void _authreg_auth_get(c2s_t c2s, if(ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL) nad_append_elem(nad, ns, "digest", 2); + if (ar_mechs & AR_MECH_TRAD_CRAMMD5 && c2s->ar->create_challenge != NULL) { + err = (c2s->ar->create_challenge)(c2s->ar, (char *) username, (char *) sess->auth_challenge, sizeof(sess->auth_challenge)); + if (0 == err) { /* operation failed */ + sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_INTERNAL_SERVER_ERROR), 0)); + return; + } + else if (1 == err) { /* operation succeeded */ + nad_append_elem(nad, ns, "crammd5", 2); + nad_append_attr(nad, -1, "challenge", sess->auth_challenge); + } + else ; /* auth method unsupported for user */ + } + /* give it back to the client */ sx_nad_write(sess->s, nad); @@ -260,7 +275,7 @@ static void _authreg_auth_set(c2s_t c2s, ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms; /* no point going on if we have no mechanisms */ - if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST))) { + if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST | AR_MECH_TRAD_CRAMMD5))) { sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0)); return; } @@ -271,6 +286,24 @@ static void _authreg_auth_set(c2s_t c2s, return; } + /* Apple: handle CRAM-MD5 response */ + if(!authd && ar_mechs & AR_MECH_TRAD_CRAMMD5 && c2s->ar->check_response != NULL) + { + elem = nad_find_elem(nad, 1, ns, "crammd5", 1); + if(elem >= 0) + { + snprintf(str, 1024, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem)); + if((c2s->ar->check_response)(c2s->ar, username, sess->host->realm, sess->auth_challenge, str) == 0) + { + log_debug(ZONE, "crammd5 auth (check) succeded"); + authd = 1; + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.cram-md5", eAuthSuccess); + } else { + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.cram-md5", eAuthFailure); + } + } + } + /* digest auth */ if(!authd && ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL) { @@ -286,6 +319,9 @@ static void _authreg_auth_set(c2s_t c2s, { log_debug(ZONE, "digest auth succeeded"); authd = 1; + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.digest", eAuthSuccess); + } else { + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.digest", eAuthFailure); } } } @@ -301,6 +337,9 @@ static void _authreg_auth_set(c2s_t c2s, { log_debug(ZONE, "plaintext auth (compare) succeeded"); authd = 1; + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain(compare)", eAuthSuccess); + } else { + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain(compare)", eAuthFailure); } } } @@ -316,6 +355,9 @@ static void _authreg_auth_set(c2s_t c2s, { log_debug(ZONE, "plaintext auth (check) succeded"); authd = 1; + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain", eAuthSuccess); + } else { + auth_event_log_simple(username, sess->s->ip, sess->s->port, "traditional.plain", eAuthFailure); } } }