void QXmppIncomingClientPrivate::checkCredentials (const QByteArray &response) { QXmppPasswordRequest request; request.setDomain (domain); request.setUsername (saslServer->username()); if (saslServer->mechanism() == "PLAIN") { request.setPassword (saslServer->password()); QXmppPasswordReply *reply = passwordChecker->checkPassword (request); reply->setParent (q); reply->setProperty ("__sasl_raw", response); QObject::connect (reply, SIGNAL (finished()), q, SLOT (onPasswordReply())); } else if (saslServer->mechanism() == "DIGEST-MD5") { QXmppPasswordReply *reply = passwordChecker->getDigest (request); reply->setParent (q); reply->setProperty ("__sasl_raw", response); QObject::connect (reply, SIGNAL (finished()), q, SLOT (onDigestReply())); } }
QXmppPasswordReply::Error HostQxmpp::PD::getPassword( const QXmppPasswordRequest & request, QString & password ) { QHash<QString, QString>::const_iterator it = clientList.find( request.username() ); if ( it == clientList.end() ) return QXmppPasswordReply::AuthorizationError; password = it.value(); return QXmppPasswordReply::NoError; }
/// Retrieves the password for the given username. QXmppPasswordReply::Error getPassword(const QXmppPasswordRequest &request, QString &password) { if (request.username() == USERNAME) { password = PASSWORD; return QXmppPasswordReply::NoError; } else { return QXmppPasswordReply::AuthorizationError; } };
void QXmppIncomingClient::handleStanza(const QDomElement &nodeRecv) { const QString ns = nodeRecv.namespaceURI(); if (d->idleTimer->interval()) d->idleTimer->start(); if (ns == ns_tls && nodeRecv.tagName() == "starttls") { sendData("<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); socket()->flush(); socket()->startServerEncryption(); return; } else if (ns == ns_sasl) { if (nodeRecv.tagName() == "auth") { const QString mechanism = nodeRecv.attribute("mechanism"); if (mechanism == "PLAIN") { QList<QByteArray> auth = QByteArray::fromBase64(nodeRecv.text().toAscii()).split('\0'); if (auth.size() != 3) { sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><incorrect-encoding/></failure>"); disconnectFromHost(); return; } QXmppPasswordRequest request; request.setDomain(d->domain); request.setUsername(QString::fromUtf8(auth[1])); request.setPassword(QString::fromUtf8(auth[2])); if (!d->passwordChecker) { // FIXME: what type of failure? warning(QString("Cannot authenticate '%1', no password checker").arg(request.username())); sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); disconnectFromHost(); return; } QXmppPasswordReply *reply = d->passwordChecker->checkPassword(request); reply->setParent(this); reply->setProperty("__sasl_username", request.username()); connect(reply, SIGNAL(finished()), this, SLOT(onPasswordReply())); } else if (mechanism == "DIGEST-MD5") { // generate nonce d->saslDigest.setNonce(QXmppSaslDigestMd5::generateNonce()); d->saslDigest.setQop("auth"); d->saslStep = 1; QMap<QByteArray, QByteArray> challenge; challenge["nonce"] = d->saslDigest.nonce(); challenge["realm"] = d->domain.toUtf8(); challenge["qop"] = d->saslDigest.qop(); challenge["charset"] = "utf-8"; challenge["algorithm"] = "md5-sess"; const QByteArray data = QXmppSaslDigestMd5::serializeMessage(challenge).toBase64(); sendData("<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" + data +"</challenge>"); } else { // unsupported method sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></failure>"); disconnectFromHost(); return; } } else if (nodeRecv.tagName() == "response") { if (d->saslStep == 1) { const QByteArray raw = QByteArray::fromBase64(nodeRecv.text().toAscii()); QMap<QByteArray, QByteArray> saslResponse = QXmppSaslDigestMd5::parseMessage(raw); // check credentials const QString username = QString::fromUtf8(saslResponse.value("username")); if (!d->passwordChecker) { // FIXME: what type of failure? warning(QString("Cannot authenticate '%1', no password checker").arg(username)); sendData("<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); disconnectFromHost(); return; } QXmppPasswordRequest request; request.setUsername(username); request.setDomain(d->domain); QXmppPasswordReply *reply = d->passwordChecker->getDigest(request); reply->setParent(this); reply->setProperty("__sasl_raw", raw); connect(reply, SIGNAL(finished()), this, SLOT(onDigestReply())); } else if (d->saslStep == 2) { // authentication succeeded d->saslStep = 3; info(QString("Authentication succeeded for '%1'").arg(d->username)); sendData("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"); } } } else if (ns == ns_client) { if (nodeRecv.tagName() == "iq") { const QString type = nodeRecv.attribute("type"); if (QXmppBindIq::isBindIq(nodeRecv) && type == "set") { QXmppBindIq bindSet; bindSet.parse(nodeRecv); d->resource = bindSet.resource().trimmed(); if (d->resource.isEmpty()) d->resource = generateStanzaHash(); QXmppBindIq bindResult; bindResult.setType(QXmppIq::Result); bindResult.setId(bindSet.id()); bindResult.setJid(jid()); sendPacket(bindResult); // bound emit connected(); return; } else if (QXmppSessionIq::isSessionIq(nodeRecv) && type == "set") { QXmppSessionIq sessionSet; sessionSet.parse(nodeRecv); QXmppIq sessionResult; sessionResult.setType(QXmppIq::Result); sessionResult.setId(sessionSet.id()); sessionResult.setTo(jid()); sendPacket(sessionResult); return; } } // check the sender is legitimate const QString from = nodeRecv.attribute("from"); if (!from.isEmpty() && from != jid() && from != jidToBareJid(jid())) { warning(QString("Received a stanza from unexpected JID %1").arg(from)); return; } // process unhandled stanzas if (nodeRecv.tagName() == "iq" || nodeRecv.tagName() == "message" || nodeRecv.tagName() == "presence") { QDomElement nodeFull(nodeRecv); // if the sender is empty, set it to the appropriate JID if (nodeFull.attribute("from").isEmpty()) { if (nodeFull.tagName() == "presence" && (nodeFull.attribute("type") == "subscribe" || nodeFull.attribute("type") == "subscribed")) nodeFull.setAttribute("from", jidToBareJid(jid())); else nodeFull.setAttribute("from", jid()); } // if the recipient is empty, set it to the local domain if (nodeFull.attribute("to").isEmpty()) nodeFull.setAttribute("to", d->domain); // emit stanza for processing by server emit elementReceived(nodeFull); } } }