bool Client::login()
{
bool retval = true;
if( m_streamFeatures & SaslMechDigestMd5 && m_availableSaslMechs & SaslMechDigestMd5
&& !m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechDigestMd5 );
}
else if( m_streamFeatures & SaslMechPlain && m_availableSaslMechs & SaslMechPlain
&& !m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechPlain );
}
else if( m_streamFeatures & StreamFeatureIqAuth || m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
nonSaslLogin();
}
else
retval = false;
return retval;
}
bool Client::handleNormalNode( Tag* tag )
{
if( tag->name() == "features" && tag->xmlns() == XMLNS_STREAM )
{
m_streamFeatures = getStreamFeatures( tag );
if( m_tls == TLSRequired && !m_encryptionActive
&& ( !m_encryption || !( m_streamFeatures & StreamFeatureStartTls ) ) )
{
logInstance().err( LogAreaClassClient, "Client is configured to require"
" TLS but either the server didn't offer TLS or"
" TLS support is not compiled in." );
disconnect( ConnTlsNotAvailable );
}
else if( m_tls > TLSDisabled && m_encryption && !m_encryptionActive
&& ( m_streamFeatures & StreamFeatureStartTls ) )
{
notifyStreamEvent( StreamEventEncryption );
startTls();
}
else if( m_compress && m_compression && !m_compressionActive
&& ( m_streamFeatures & StreamFeatureCompressZlib ) )
{
notifyStreamEvent( StreamEventCompression );
logInstance().warn( LogAreaClassClient, "The server offers compression, but negotiating Compression at this stage is not recommended. See XEP-0170 for details. We'll continue anyway." );
negotiateCompression( StreamFeatureCompressZlib );
}
else if( m_sasl )
{
if( m_authed )
{
if( m_streamFeatures & StreamFeatureBind )
{
notifyStreamEvent( StreamEventResourceBinding );
bindResource( resource() );
}
}
else if( m_doAuth && !username().empty() && !password().empty() )
{
if( m_streamFeatures & SaslMechDigestMd5 && m_availableSaslMechs & SaslMechDigestMd5
&& !m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechDigestMd5 );
}
else if( m_streamFeatures & SaslMechPlain && m_availableSaslMechs & SaslMechPlain
&& !m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechPlain );
}
else if( m_streamFeatures & StreamFeatureIqAuth || m_forceNonSasl )
{
notifyStreamEvent( StreamEventAuthentication );
nonSaslLogin();
}
else
{
logInstance().err( LogAreaClassClient, "the server doesn't support"
" any auth mechanisms we know about" );
disconnect( ConnNoSupportedAuth );
}
}
else if( m_doAuth && !m_clientCerts.empty() && !m_clientKey.empty()
&& m_streamFeatures & SaslMechExternal && m_availableSaslMechs & SaslMechExternal )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechExternal );
}
#ifdef _WIN32
else if( m_doAuth && m_streamFeatures & SaslMechGssapi && m_availableSaslMechs & SaslMechGssapi )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechGssapi );
}
#endif
else if( m_doAuth && m_streamFeatures & SaslMechAnonymous
&& m_availableSaslMechs & SaslMechAnonymous )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechAnonymous );
}
else
{
notifyStreamEvent( StreamEventFinished );
connected();
}
}
else if( m_compress && m_compression && !m_compressionActive
&& ( m_streamFeatures & StreamFeatureCompressZlib ) )
{
notifyStreamEvent( StreamEventCompression );
negotiateCompression( StreamFeatureCompressZlib );
}
// else if( ( m_streamFeatures & StreamFeatureCompressDclz )
// && m_connection->initCompression( StreamFeatureCompressDclz ) )
// {
// negotiateCompression( StreamFeatureCompressDclz );
// }
else if( m_streamFeatures & StreamFeatureIqAuth )
{
notifyStreamEvent( StreamEventAuthentication );
nonSaslLogin();
}
else
{
logInstance().err( LogAreaClassClient, "fallback: the server doesn't "
"support any auth mechanisms we know about" );
disconnect( ConnNoSupportedAuth );
}
}
else
{
const std::string& name = tag->name(),
xmlns = tag->findAttribute( XMLNS );
if( name == "proceed" && xmlns == XMLNS_STREAM_TLS )
{
logInstance().dbg( LogAreaClassClient, "starting TLS handshake..." );
if( m_encryption )
{
m_encryptionActive = true;
m_encryption->handshake();
}
}
else if( name == "failure" )
{
if( xmlns == XMLNS_STREAM_TLS )
{
logInstance().err( LogAreaClassClient, "TLS handshake failed (server-side)!" );
disconnect( ConnTlsFailed );
}
else if( xmlns == XMLNS_COMPRESSION )
{
logInstance().err( LogAreaClassClient, "stream compression init failed!" );
disconnect( ConnCompressionFailed );
}
else if( xmlns == XMLNS_STREAM_SASL )
{
logInstance().err( LogAreaClassClient, "SASL authentication failed!" );
processSASLError( tag );
disconnect( ConnAuthenticationFailed );
}
}
else if( name == "compressed" && xmlns == XMLNS_COMPRESSION )
{
logInstance().dbg( LogAreaClassClient, "stream compression inited" );
m_compressionActive = true;
header();
}
else if( name == "challenge" && xmlns == XMLNS_STREAM_SASL )
{
logInstance().dbg( LogAreaClassClient, "processing SASL challenge" );
processSASLChallenge( tag->cdata() );
}
else if( name == "success" && xmlns == XMLNS_STREAM_SASL )
{
logInstance().dbg( LogAreaClassClient, "SASL authentication successful" );
setAuthed( true );
header();
}
else
return false;
}
return true;
}
bool Client::handleNormalNode( Stanza *stanza )
{
if( stanza->name() == "stream:features" )
{
m_streamFeatures = getStreamFeatures( stanza );
if( m_tls == TLSRequired && !m_encryptionActive
&& ( !m_encryption || !( m_streamFeatures & StreamFeatureStartTls ) ) )
{
logInstance().log( LogLevelError, LogAreaClassClient,
"Client is configured to require TLS but either the server didn't offer TLS or "
"TLS support is not compiled in." );
disconnect( ConnTlsNotAvailable );
}
else if( m_tls > TLSDisabled && m_encryption && !m_encryptionActive
&& ( m_streamFeatures & StreamFeatureStartTls ) )
{
notifyStreamEvent( StreamEventEncryption );
startTls();
}
else if( m_sasl )
{
if( m_authed )
{
if( m_streamFeatures & StreamFeatureBind )
{
notifyStreamEvent( StreamEventResourceBinding );
bindResource();
}
}
else if( m_doAuth && !username().empty() && !password().empty() )
{
if( !login() )
{
logInstance().log( LogLevelError, LogAreaClassClient,
"the server doesn't support any auth mechanisms we know about" );
disconnect( ConnNoSupportedAuth );
}
}
else if( m_doAuth && !m_clientCerts.empty() && !m_clientKey.empty()
&& m_streamFeatures & SaslMechExternal && m_availableSaslMechs & SaslMechExternal )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechExternal );
}
#ifdef _WIN32
else if( m_doAuth && m_streamFeatures & SaslMechGssapi && m_availableSaslMechs & SaslMechGssapi )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechGssapi );
}
#endif
else if( m_doAuth && m_streamFeatures & SaslMechAnonymous
&& m_availableSaslMechs & SaslMechAnonymous )
{
notifyStreamEvent( StreamEventAuthentication );
startSASL( SaslMechAnonymous );
}
else
{
notifyStreamEvent( StreamEventFinished );
connected();
}
}
else if( m_compress && m_compression && !m_compressionActive
&& ( m_streamFeatures & StreamFeatureCompressZlib ) )
{
notifyStreamEvent( StreamEventCompression );
negotiateCompression( StreamFeatureCompressZlib );
}
// else if( ( m_streamFeatures & StreamFeatureCompressDclz )
// && m_connection->initCompression( StreamFeatureCompressDclz ) )
// {
// negotiateCompression( StreamFeatureCompressDclz );
// }
else if( m_streamFeatures & StreamFeatureIqAuth )
{
notifyStreamEvent( StreamEventAuthentication );
nonSaslLogin();
}
else
{
logInstance().log( LogLevelError, LogAreaClassClient,
"fallback: the server doesn't support any auth mechanisms we know about" );
disconnect( ConnNoSupportedAuth );
}
}
else if( ( stanza->name() == "proceed" ) && stanza->hasAttribute( "xmlns", XMLNS_STREAM_TLS ) )
{
logInstance().log( LogLevelDebug, LogAreaClassClient, "starting TLS handshake..." );
if( m_encryption )
{
m_encryptionActive = true;
m_encryption->handshake();
}
}
else if( ( stanza->name() == "failure" ) && stanza->hasAttribute( "xmlns", XMLNS_STREAM_TLS ) )
{
logInstance().log( LogLevelError, LogAreaClassClient, "TLS handshake failed (server-side)!" );
disconnect( ConnTlsFailed );
}
else if( ( stanza->name() == "failure" ) && stanza->hasAttribute( "xmlns", XMLNS_COMPRESSION ) )
{
logInstance().log( LogLevelError, LogAreaClassClient, "stream compression init failed!" );
disconnect( ConnCompressionFailed );
}
else if( ( stanza->name() == "compressed" ) && stanza->hasAttribute( "xmlns", XMLNS_COMPRESSION ) )
{
logInstance().log( LogLevelDebug, LogAreaClassClient, "stream compression inited" );
m_compressionActive = true;
header();
}
else if( ( stanza->name() == "challenge" ) && stanza->hasAttribute( "xmlns", XMLNS_STREAM_SASL ) )
{
logInstance().log( LogLevelDebug, LogAreaClassClient, "processing SASL challenge" );
processSASLChallenge( stanza->cdata() );
}
else if( ( stanza->name() == "failure" ) && stanza->hasAttribute( "xmlns", XMLNS_STREAM_SASL ) )
{
logInstance().log( LogLevelError, LogAreaClassClient, "SASL authentication failed!" );
processSASLError( stanza );
disconnect( ConnAuthenticationFailed );
}
else if( ( stanza->name() == "success" ) && stanza->hasAttribute( "xmlns", XMLNS_STREAM_SASL ) )
{
logInstance().log( LogLevelDebug, LogAreaClassClient, "SASL authentication successful" );
setAuthed( true );
header();
}
else
{
if( ( stanza->name() == "iq" ) && stanza->hasAttribute( "id", "bind" ) )
{
processResourceBind( stanza );
}
else if( ( stanza->name() == "iq" ) && stanza->hasAttribute( "id", "session" ) )
{
processCreateSession( stanza );
}
else
return false;
}
return true;
}
