static void on_notify_status_static(GObject* connection_obj,
GParamSpec*,
gpointer user_data)
{
AuthCommands* auth = static_cast<AuthCommands*>(user_data);
auth->on_notify_status(INF_XMPP_CONNECTION(connection_obj));
}
static void on_notify_status_static(GObject* object,
GParamSpec* pspec,
gpointer user_data)
{
static_cast<ConnectionManager*>(user_data)->on_notify_status(
INF_XMPP_CONNECTION(object));
}
static void
infinoted_plugin_certificate_auth_connection_added(InfXmlConnection* conn,
gpointer plugin_info,
gpointer connection_info)
{
InfinotedPluginCertificateAuth* plugin;
InfXmppConnection* xmpp;
gnutls_certificate_request_t cert_req;
plugin = (InfinotedPluginCertificateAuth*)plugin_info;
if(INF_IS_XMPP_CONNECTION(conn))
{
xmpp = INF_XMPP_CONNECTION(conn);
if(plugin->accept_unauthenticated_clients == TRUE)
cert_req = GNUTLS_CERT_REQUEST;
else
cert_req = GNUTLS_CERT_REQUIRE;
inf_xmpp_connection_set_certificate_callback(
xmpp,
cert_req,
infinoted_plugin_certificate_auth_certificate_func,
plugin
);
}
}
static void sasl_callback_static(InfSaslContextSession* session,
Gsasl_property prop,
gpointer session_data,
gpointer user_data)
{
AuthCommands* auth = static_cast<AuthCommands*>(user_data);
auth->sasl_callback(
session, INF_XMPP_CONNECTION(session_data), prop);
}
void Gobby::SelfHoster::directory_foreach_func_set_sasl_context_static(
InfXmlConnection* connection,
gpointer user_data)
{
g_assert(INF_IS_XMPP_CONNECTION(connection));
SelfHoster* hoster = static_cast<SelfHoster*>(user_data);
inf_xmpp_connection_reset_sasl_authentication(
INF_XMPP_CONNECTION(connection),
hoster->m_sasl_context, hoster->get_sasl_mechanisms());
}
void Gobby::AuthCommands::browser_error_callback(InfcBrowser* browser,
GError* error)
{
// The Browser already displays errors inline, but we want
// auth-related error messages to show up in the status bar.
InfXmlConnection* connection = infc_browser_get_connection(browser);
g_assert(INF_IS_XMPP_CONNECTION(connection));
InfXmppConnection* xmpp = INF_XMPP_CONNECTION(connection);
RetryMap::iterator iter = m_retries.find(xmpp);
if(iter == m_retries.end())
iter = insert_retry_info(xmpp);
Glib::ustring& last_password(iter->second.last_password);
Glib::ustring old_password;
old_password.swap(last_password);
if(error->domain ==
g_quark_from_static_string("INF_XMPP_CONNECTION_AUTH_ERROR"))
{
// Authentication failed for some reason, maybe because the
// server aborted authentication. If we were querying a
// password then close the dialog now.
delete iter->second.password_dialog;
iter->second.password_dialog = NULL;
const GError* sasl_error =
inf_xmpp_connection_get_sasl_error(xmpp);
if(sasl_error != NULL &&
sasl_error->domain ==
inf_authentication_detail_error_quark())
{
handle_error_detail(xmpp, sasl_error,
old_password,
last_password);
}
else if(sasl_error != NULL)
{
show_error(sasl_error, m_statusbar, connection);
}
else
{
show_error(error, m_statusbar, connection);
}
}
else if(error->domain == inf_gsasl_error_quark())
{
show_error(error, m_statusbar, connection);
}
}
static void
infinoted_plugin_certificate_auth_connection_removed(InfXmlConnection* conn,
gpointer plugin_info,
gpointer session_info)
{
InfinotedPluginCertificateAuth* plugin;
InfXmppConnection* xmpp;
plugin = (InfinotedPluginCertificateAuth*)plugin_info;
if(INF_IS_XMPP_CONNECTION(conn))
{
xmpp = INF_XMPP_CONNECTION(conn);
inf_xmpp_connection_set_certificate_callback(
xmpp,
GNUTLS_CERT_IGNORE,
NULL,
NULL
);
}
}
static void
inf_gtk_certificate_manager_notify_status_cb(GObject* object,
GParamSpec* pspec,
gpointer user_data)
{
InfGtkCertificateManagerQuery* query;
InfGtkCertificateManagerPrivate* priv;
InfXmppConnection* connection;
InfXmlConnectionStatus status;
query = (InfGtkCertificateManagerQuery*)user_data;
priv = INF_GTK_CERTIFICATE_MANAGER_PRIVATE(query->manager);
connection = INF_XMPP_CONNECTION(object);
g_object_get(G_OBJECT(connection), "status", &status, NULL);
if(status == INF_XML_CONNECTION_CLOSING ||
status == INF_XML_CONNECTION_CLOSED)
{
priv->queries = g_slist_remove(priv->queries, query);
inf_gtk_certificate_manager_query_free(query);
}
}
static void
infinoted_startup_sasl_callback(InfSaslContextSession* session,
Gsasl_property prop,
gpointer session_data,
gpointer user_data)
{
InfinotedStartup* startup;
const char* username;
const char* password;
InfXmppConnection* xmpp;
gchar cmp;
gsize password_len;
gsize i;
#ifdef LIBINFINITY_HAVE_PAM
const gchar* pam_service;
GError* error;
#endif
gchar* remote_id;
xmpp = INF_XMPP_CONNECTION(session_data);
g_object_get(xmpp, "remote-id", &remote_id, NULL);
switch(prop)
{
case GSASL_VALIDATE_SIMPLE:
startup = (InfinotedStartup*)user_data;
username = inf_sasl_context_session_get_property(session, GSASL_AUTHID);
password = inf_sasl_context_session_get_property(session, GSASL_PASSWORD);
#ifdef LIBINFINITY_HAVE_PAM
pam_service = startup->options->pam_service;
if(pam_service != NULL)
{
error = NULL;
if(!infinoted_pam_authenticate(pam_service, username, password))
{
infinoted_log_warning(
startup->log,
_("User %s failed to log in from %s: PAM authentication failed"),
username,
remote_id
);
infinoted_startup_sasl_callback_set_error(
xmpp,
INF_AUTHENTICATION_DETAIL_ERROR_AUTHENTICATION_FAILED,
NULL
);
inf_sasl_context_session_continue(
session,
GSASL_AUTHENTICATION_ERROR
);
}
else if(!infinoted_pam_user_is_allowed(startup, username, &error))
{
infinoted_log_warning(
startup->log,
_("User %s failed to log in from %s: PAM user not allowed"),
username,
remote_id
);
infinoted_startup_sasl_callback_set_error(
xmpp,
INF_AUTHENTICATION_DETAIL_ERROR_USER_NOT_AUTHORIZED,
error
);
inf_sasl_context_session_continue(
session,
GSASL_AUTHENTICATION_ERROR
);
}
else
{
infinoted_log_info(
startup->log,
_("User %s logged in from %s via PAM"),
username,
remote_id
);
inf_sasl_context_session_continue(session, GSASL_OK);
}
}
else
#endif /* LIBINFINITY_HAVE_PAM */
{
g_assert(startup->options->password != NULL);
/* length-independent string compare */
cmp = 0;
password_len = strlen(password);
for(i = 0; i < startup->options->password_len; ++i)
{
if(i < password_len)
cmp |= (startup->options->password[i] ^ password[i]);
else
cmp |= (startup->options->password[i] ^ 0x00);
}
if(startup->options->password_len != password_len)
cmp |= 0xFF;
if(cmp == 0)
{
infinoted_log_info(
startup->log,
_("User %s logged in from %s via password"),
username,
remote_id
);
inf_sasl_context_session_continue(session, GSASL_OK);
}
else
{
infinoted_log_warning(
startup->log,
_("User %s failed to log in from %s: wrong password"),
username,
remote_id
);
infinoted_startup_sasl_callback_set_error(
xmpp,
INF_AUTHENTICATION_DETAIL_ERROR_AUTHENTICATION_FAILED,
NULL
);
inf_sasl_context_session_continue(
session,
GSASL_AUTHENTICATION_ERROR
);
}
}
break;
default:
inf_sasl_context_session_continue(session, GSASL_AUTHENTICATION_ERROR);
break;
}
g_free(remote_id);
}
