--- /tmp/jabberd-2.2.13/c2s/c2s.h 2011-02-23 08:24:34.000000000 -0800 +++ ./jabberd2/c2s/c2s.h 2011-03-30 21:57:57.000000000 -0700 @@ -27,6 +27,7 @@ #include "mio/mio.h" #include "sx/sx.h" #include "util/util.h" +#include "odckit.h" #ifdef HAVE_SIGNAL_H # include <signal.h> @@ -108,11 +109,15 @@ struct sess_st { nad_t result; int sasl_authd; /* 1 = they did a sasl auth */ + + /** Apple: session challenge for challenge-response authentication */ + char auth_challenge[65]; }; /* allowed mechanisms */ #define AR_MECH_TRAD_PLAIN (1<<0) #define AR_MECH_TRAD_DIGEST (1<<1) +#define AR_MECH_TRAD_CRAMMD5 (1<<2) struct host_st { /** our realm (SASL) */ @@ -124,6 +129,9 @@ struct host_st { /** certificate chain */ char *host_cachain; + /** private key password */ + char *host_private_key_password; + /** verify-mode */ int host_verify_mode; @@ -148,6 +156,8 @@ struct c2s_st { char *router_user; char *router_pass; char *router_pemfile; + char *router_cachain; + char *router_private_key_password; /** mio context */ mio_t mio; @@ -206,6 +216,9 @@ struct c2s_st { /** encrypted port cachain file */ char *local_cachain; + /** private key password */ + char *local_private_key_password; + /** verify-mode */ int local_verify_mode; @@ -217,6 +230,9 @@ struct c2s_st { int pbx_pipe_fd; mio_fd_t pbx_pipe_mio_fd; + /** stream redirection (see-other-host) on session connect */ + xht stream_redirects; + /** max file descriptors */ int io_max_fds; @@ -238,6 +254,9 @@ struct c2s_st { int ar_mechanisms; int ar_ssl_mechanisms; + /** APPLE: Name of SACL to use for authorization */ + char *ar_authorization_sacl_name; + /** connection rates */ int conn_rate_total; int conn_rate_seconds; @@ -325,6 +344,10 @@ struct authreg_st /** returns 1 if the user is permitted to authorize as the requested_user, 0 if not. requested_user is a JID */ int (*user_authz_allowed)(authreg_t ar, char *username, char *realm, char *requested_user); + + /** Apple extensions for challenge/response authentication methods */ + int (*create_challenge)(authreg_t ar, char *username, char *challenge, int maxlen); + int (*check_response)(authreg_t ar, char *username, char *realm, char *challenge, char *response); }; /** get a handle for a single module */ @@ -356,3 +379,18 @@ union xhashv char **char_val; sess_t *sess_val; }; + +// Data for stream redirect errors +typedef struct stream_redirect_st +{ + char *to_address; + char *to_port; +} *stream_redirect_t; + +/* Apple OD authentication/authorization */ +#define APPLE_ENABLE_OD_AUTH 1 + +#ifdef APPLE_ENABLE_OD_AUTH +#define APPLE_CHAT_SACL_NAME "chat" + +#endif /* APPLE_ENABLE_OD_AUTH */