

--- /tmp/jabberd-2.2.13/c2s/c2s.h	2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/c2s/c2s.h	2011-03-30 21:57:57.000000000 -0700
@@ -27,6 +27,7 @@
 #include "mio/mio.h"
 #include "sx/sx.h"
 #include "util/util.h"
+#include "odckit.h"
 
 #ifdef HAVE_SIGNAL_H
 # include <signal.h>
@@ -108,11 +109,15 @@ struct sess_st {
     nad_t               result;
 
     int                 sasl_authd;     /* 1 = they did a sasl auth */
+
+    /** Apple: session challenge for challenge-response authentication */
+    char                auth_challenge[65];
 };
 
 /* allowed mechanisms */
 #define AR_MECH_TRAD_PLAIN      (1<<0)
 #define AR_MECH_TRAD_DIGEST     (1<<1)
+#define AR_MECH_TRAD_CRAMMD5    (1<<2)
 
 struct host_st {
     /** our realm (SASL) */
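Review bot: `auth_challenge[65]` hard-codes a size that every caller of `create_challenge(..., int maxlen)` has to repeat by hand, and the comment does not say whether 65 means 64 characters plus a NUL. A named constant such as `#define AUTH_CHALLENGE_MAX 65`, used for both the field and the `maxlen` argument, would keep the two in step. The comment should also state the challenge's lifetime: generated fresh per attempt and cleared once a response has been checked, so a stored challenge cannot be answered twice. Separately, CRAM-MD5 gives no server authentication and leaves a captured exchange open to offline guessing, so a comment beside `AR_MECH_TRAD_CRAMMD5` should say whether it is meant only for `ar_ssl_mechanisms`. `struct sess_st` begins outside this hunk.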
@@ -124,6 +129,9 @@ struct host_st {
     /** certificate chain */
     char                *host_cachain;
 
+    /** private key password */
+    char                *host_private_key_password;
+
     /** verify-mode  */
     int                 host_verify_mode;
 
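Review bot: `host_private_key_password` holds a key passphrase as a plain `char *` and its comment says nothing about ownership or when the value may be wiped; the same applies to `router_private_key_password` and `local_private_key_password` in the two `struct c2s_st` hunks that follow. The comment should mark the field as secret and say who frees it, for example `/** private key passphrase (secret: never log; zero and free once the key is loaded) */`. Whether the passphrase is still needed after the TLS context is set up is not visible here; if it is not, the loading code should wipe it at that point with a zeroing call the compiler cannot elide. `router_cachain` in the next hunk has no comment at all. `struct host_st` continues outside this hunk.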
@@ -148,6 +156,8 @@ struct c2s_st {
     char                *router_user;
     char                *router_pass;
     char                *router_pemfile;
+    char                *router_cachain;
+    char                *router_private_key_password;
 
     /** mio context */
     mio_t               mio;
@@ -206,6 +216,9 @@ struct c2s_st {
     /** encrypted port cachain file */
     char				*local_cachain;
 
+    /** private key password */
+    char                *local_private_key_password;
+
     /** verify-mode  */
     int                 local_verify_mode;
 
@@ -217,6 +230,9 @@ struct c2s_st {
     int                 pbx_pipe_fd;
     mio_fd_t            pbx_pipe_mio_fd;
 
+    /** stream redirection (see-other-host) on session connect */
+    xht                 stream_redirects;
+
     /** max file descriptors */
     int                 io_max_fds;
 
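Review bot: The comment on `stream_redirects` does not say what the table is keyed by or what it stores; presumably the values are the `stream_redirect_t` entries declared at the end of this header, but nothing here states that. Suggest `/** stream redirection (see-other-host) on session connect: key = <lookup key>, value = stream_redirect_t */`, with the key filled in by the author. If `to_address` and `to_port` are sent to clients as the redirect target, as the names suggest, the comment should also say they come only from server configuration and never from client-supplied data.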
@@ -238,6 +254,9 @@ struct c2s_st {
     int                 ar_mechanisms;
     int                 ar_ssl_mechanisms;
     
+    /** APPLE: Name of SACL to use for authorization */
+    char                *ar_authorization_sacl_name;
+
     /** connection rates */
     int                 conn_rate_total;
     int                 conn_rate_seconds;
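Review bot: The comment on `ar_authorization_sacl_name` does not say what happens when the pointer is NULL or empty. For an authorization setting this matters: the reader cannot tell whether an unset name admits every authenticated user, admits nobody, or falls back to the `APPLE_CHAT_SACL_NAME` default defined at the end of this header. Suggest stating it in the comment, e.g. `/** APPLE: name of SACL to use for authorization; NULL = <behaviour> */`, and having the consuming code deny access when the name is missing or the lookup fails.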
@@ -325,6 +344,10 @@ struct authreg_st
 
     /** returns 1 if the user is permitted to authorize as the requested_user, 0 if not. requested_user is a JID */
     int               (*user_authz_allowed)(authreg_t ar, char *username, char *realm, char *requested_user);
+
+    /** Apple extensions for challenge/response authentication methods */
+    int         (*create_challenge)(authreg_t ar, char *username, char *challenge, int maxlen);
+    int         (*check_response)(authreg_t ar, char *username, char *realm, char *challenge, char *response);
 };
 
 /** get a handle for a single module */
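Review bot: The two new callbacks share one comment and, unlike `user_authz_allowed` just above them, neither documents its return values. `create_challenge` should say whether `maxlen` includes the terminating NUL and whether `challenge` is always NUL-terminated on success. `check_response` should say which value means "accepted", since a caller that guesses the convention wrong turns a rejection into a login. Modules written before this change will presumably leave both members unset, so the header should state that they may be NULL and must be checked before the call. `struct authreg_st` starts outside this hunk.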
@@ -356,3 +379,18 @@ union xhashv
   char **char_val;
   sess_t *sess_val;
 };
+
+// Data for stream redirect errors
+typedef struct stream_redirect_st
+{
+    char *to_address;
+    char *to_port;
+} *stream_redirect_t;
+
+/* Apple OD authentication/authorization */
+#define APPLE_ENABLE_OD_AUTH 1
+
+#ifdef APPLE_ENABLE_OD_AUTH
+#define APPLE_CHAT_SACL_NAME "chat"
+
+#endif /* APPLE_ENABLE_OD_AUTH */
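Review bot: `APPLE_ENABLE_OD_AUTH` is defined unconditionally two lines before `#ifdef APPLE_ENABLE_OD_AUTH`, so the guard can never be false and the feature cannot be switched off from the build. Because the define sits at the end of the header, nothing earlier can be conditioned on it either; the `#include "odckit.h"` added in the first hunk is unguarded, so a build without that header fails. Letting the build configuration supply the macro and wrapping the include in the same `#ifdef` would make it a real switch. Minor: the new `// Data for stream redirect errors` comment uses `//` where the other comments visible in this patch use `/* */`, and it does not say who owns `to_address` and `to_port`.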