Diffstat (limited to 'juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java')
-rw-r--r--juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java27
1 files changed, 22 insertions, 5 deletions
diff --git a/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java b/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
index 9ee81d4d..414c6d8b 100644
--- a/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
+++ b/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
@@ -34,6 +34,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.stream.Collectors;
/**
* @author ugnich
@@ -118,11 +119,12 @@ public class ConnectionIn extends Connection implements Runnable {
if (valid[0]) {
sendStanza("<db:verify from='" + vto + "' to='" + vfrom + "' id='" + vid + "' type='valid'/>");
logger.debug("stream from {} {} dialback verify valid", vfrom, streamID);
+ setAuthenticated(true);
} else {
sendStanza("<db:verify from='" + vto + "' to='" + vfrom + "' id='" + vid + "' type='invalid'/>");
logger.warn("stream from {} {} dialback verify invalid", vfrom, streamID);
}
- } else if (tag.equals("presence") && checkFromTo(parser)) {
+ } else if (tag.equals("presence") && checkFromTo(parser) && isAuthenticated()) {
String xml = XmlUtils.parseToString(parser, false);
logger.debug("stream {} presence: {}", streamID, xml);
xmpp.onStanzaReceived(xml);
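Review bot: The added `setAuthenticated(true)` sits in the branch that answers a peer's `db:verify` request with `type='valid'`, which in server dialback (XEP-0220) is the peer checking a key this server issued. A valid answer there is not the step that proves the asking stream speaks for `vfrom`; that proof is the verification of the peer's own `db:result`. Because the `presence` and `iq` branches now rely on `isAuthenticated()`, confirm that the flag is set where an inbound `db:result` is verified (not visible in this hunk) and that setting it here is intended. If it is intended, a comment such as `// verify key matched one we issued to vfrom; treat stream as authenticated` would record the reasoning. The enclosing branch starts outside the hunk.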
@@ -132,7 +134,7 @@ public class ConnectionIn extends Connection implements Runnable {
logger.debug("stream {} message: {}", streamID, xml);
xmpp.onStanzaReceived(xml);
- } else if (tag.equals("iq") && checkFromTo(parser)) {
+ } else if (tag.equals("iq") && checkFromTo(parser) && isAuthenticated()) {
updateTsRemoteData();
String type = parser.getAttributeValue(null, "type");
String xml = XmlUtils.parseToString(parser, false);
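Review bot: The `message` branch whose tail shows at the top of this hunk has its condition in the unchanged lines between this hunk and the previous one, so unlike `presence` and `iq` it presumably still reaches `xmpp.onStanzaReceived(xml)` without an `isAuthenticated()` check. If the goal is that no stanza is routed before the stream is authenticated, that branch needs the same guard, e.g. `} else if (tag.equals("message") && checkFromTo(parser) && isAuthenticated()) {`. The exact existing condition is not visible here, so the quoted line is a sketch.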
@@ -140,10 +142,18 @@ public class ConnectionIn extends Connection implements Runnable {
logger.debug("stream {} iq: {}", streamID, xml);
xmpp.onStanzaReceived(xml);
}
- } else if (!isSecured() && tag.equals("starttls")) {
+ } else if (!isSecured() && tag.equals("starttls") && !isAuthenticated()) {
listener.starttls(this);
} else if (isSecured() && tag.equals("stream") && parser.getNamespace().equals(NS_STREAM)) {
sendOpenStream(null, true);
+ } else if (isSecured() && tag.equals("auth") && parser.getNamespace().equals(NS_SASL)
+ && parser.getAttributeValue(null, "mechanism").equals("EXTERNAL")
+ && !isAuthenticated() && isTrusted()) {
+ sendStanza("<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>");
+ logger.info("stream {} authenticated externally", streamID);
+ this.from.add(Jid.of(from));
+ setAuthenticated(true);
+ restartParser();
} else if (tag.equals("error")) {
StreamError streamError = StreamError.parse(parser);
logger.debug("Stream error from {}: {}", streamID, streamError.getCondition());
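Review bot: In the new `auth` branch, `parser.getAttributeValue(null, "mechanism").equals("EXTERNAL")` throws a NullPointerException when the element has no `mechanism` attribute, and any peer can send such an element once TLS is up and before authentication. `"EXTERNAL".equals(parser.getAttributeValue(null, "mechanism"))` avoids that. The branch then adds `Jid.of(from)` to the accepted sender list on the strength of `isTrusted()` alone, so that method must check the presented certificate against that specific domain, not only that the chain is trusted. Its body is not visible here, so this needs confirming. An `auth` request that fails these conditions also falls through without a `<failure/>` reply in this hunk.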
@@ -178,8 +188,14 @@ public class ConnectionIn extends Connection implements Runnable {
xmpp.getJid().toEscapedString() + "' id='" + streamID + "' version='1.0'>";
if (xmppversionnew) {
openStream += "<stream:features>";
- if (listener != null && listener.isTlsAvailable() && !isSecured() && !Arrays.asList(xmpp.brokenSSLhosts).contains(from)) {
- openStream += "<starttls xmlns=\"" + NS_TLS + "\"><optional/></starttls>";
+ if (listener != null && listener.isTlsAvailable() && !Arrays.asList(xmpp.brokenSSLhosts).contains(from)) {
+ if (!isSecured()) {
+ openStream += "<starttls xmlns='" + NS_TLS + "'><optional/></starttls>";
+ } else if (!isAuthenticated() && isTrusted()) {
+ openStream += "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" +
+ "<mechanism>EXTERNAL</mechanism>" +
+ "</mechanisms>";
+ }
}
openStream += "</stream:features>";
}
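Review bot: The SASL namespace is written as a string literal in the new `<mechanisms>` feature here, and again in the `<success/>` reply of the `auth` branch, while the `auth` branch's own check compares against `NS_SASL`. Assuming `NS_SASL` holds this same URN, using the constant in both places keeps the advertised feature and the accepted element from drifting apart: `openStream += "<mechanisms xmlns='" + NS_SASL + "'>" +`. The enclosing method starts and ends outside the hunk.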
@@ -205,6 +221,7 @@ public class ConnectionIn extends Connection implements Runnable {
}
}
}
+ logger.warn("rejected from {}, to {}, stream {}", cfrom, cto, from.stream().collect(Collectors.joining(",")));
return false;
}
public void setListener(ConnectionListener listener) {
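Review bot: The third placeholder in the new warning is labelled `stream` but receives the joined contents of `from`, whereas the other log lines in this class use `stream {}` for `streamID`, so the rejection line will be misread during an investigation. Something like `logger.warn("rejected from {}, to {}, stream {}, allowed {}", cfrom, cto, streamID, from);` keeps the label consistent, assuming `streamID` is in scope in this method. It also drops the eager `Collectors.joining` call and the new import. `cfrom` and `cto` appear to come from the peer's stanza, so each rejected stanza lets the peer write a warn-level line; consider whether that needs limiting. The enclosing method starts outside the hunk.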