From fbb662365a064889da25ce2c705568ca31f27af1 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 24 Jan 2018 14:04:32 +0300
Subject: xmpp: SASL EXTERNAL

---
 .../com/juick/server/xmpp/s2s/ConnectionIn.java | 27 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java')

diff --git a/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java b/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
index 9ee81d4d..414c6d8b 100644
--- a/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
+++ b/juick-server/src/main/java/com/juick/server/xmpp/s2s/ConnectionIn.java
@@ -34,6 +34,7 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.stream.Collectors;
 
 /**
  * @author ugnich
@@ -118,11 +119,12 @@ public class ConnectionIn extends Connection implements Runnable {
 if (valid[0]) {
 sendStanza("");
 logger.debug("stream from {} {} dialback verify valid", vfrom, streamID);
+ setAuthenticated(true);
 } else {
 sendStanza("");
 logger.warn("stream from {} {} dialback verify invalid", vfrom, streamID);
 }
- } else if (tag.equals("presence") && checkFromTo(parser)) {
+ } else if (tag.equals("presence") && checkFromTo(parser) && isAuthenticated()) {
 String xml = XmlUtils.parseToString(parser, false);
 logger.debug("stream {} presence: {}", streamID, xml);
 xmpp.onStanzaReceived(xml);
@@ -132,7 +134,7 @@ public class ConnectionIn extends Connection implements Runnable {
 logger.debug("stream {} message: {}", streamID, xml);
 xmpp.onStanzaReceived(xml);
 
- } else if (tag.equals("iq") && checkFromTo(parser)) {
+ } else if (tag.equals("iq") && checkFromTo(parser) && isAuthenticated()) {
 updateTsRemoteData();
 String type = parser.getAttributeValue(null, "type");
 String xml = XmlUtils.parseToString(parser, false);
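Review bot: The `message` branch still hands stanzas to `xmpp.onStanzaReceived` from a peer that has completed neither dialback nor SASL, because only the `presence` condition in this hunk and the `iq` condition in the `@@ -132` hunk gained `&& isAuthenticated()`; the `message` else-if sits just above the `@@ -132` hunk and, since the 22/5 diffstat is fully accounted for by the visible hunks, was not touched by this commit. That leaves one stanza type accepted on a merely opened stream, which is exactly the gap the other two conditions close. Assuming the `message` condition has the same shape as its siblings, the change is `} else if (tag.equals("message") && checkFromTo(parser) && isAuthenticated()) {`. The enclosing parse loop starts and ends outside both hunks.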
@@ -140,10 +142,18 @@ public class ConnectionIn extends Connection implements Runnable {
 logger.debug("stream {} iq: {}", streamID, xml);
 xmpp.onStanzaReceived(xml);
 }
- } else if (!isSecured() && tag.equals("starttls")) {
+ } else if (!isSecured() && tag.equals("starttls") && !isAuthenticated()) {
 listener.starttls(this);
 } else if (isSecured() && tag.equals("stream") && parser.getNamespace().equals(NS_STREAM)) {
 sendOpenStream(null, true);
+ } else if (isSecured() && tag.equals("auth") && parser.getNamespace().equals(NS_SASL)
+ && parser.getAttributeValue(null, "mechanism").equals("EXTERNAL")
+ && !isAuthenticated() && isTrusted()) {
+ sendStanza("");
+ logger.info("stream {} authenticated externally", streamID);
+ this.from.add(Jid.of(from));
+ setAuthenticated(true);
+ restartParser();
 } else if (tag.equals("error")) {
 StreamError streamError = StreamError.parse(parser);
 logger.debug("Stream error from {}: {}", streamID, streamError.getCondition());
@@ -178,8 +188,14 @@ public class ConnectionIn extends Connection implements Runnable {
 xmpp.getJid().toEscapedString() + "' id='" + streamID + "' version='1.0'>";
 if (xmppversionnew) {
 openStream += "";
- if (listener != null && listener.isTlsAvailable() && !isSecured() && !Arrays.asList(xmpp.brokenSSLhosts).contains(from)) {
- openStream += "";
+ if (listener != null && listener.isTlsAvailable() && !Arrays.asList(xmpp.brokenSSLhosts).contains(from)) {
+ if (!isSecured()) {
+ openStream += "";
+ } else if (!isAuthenticated() && isTrusted()) {
+ openStream += "" +
+ "EXTERNAL" +
+ "";
+ }
 }
 openStream += "";
 }
@@ -205,6 +221,7 @@ public class ConnectionIn extends Connection implements Runnable {
 }
 }
 }
+ logger.warn("rejected from {}, to {}, stream {}", cfrom, cto, from.stream().collect(Collectors.joining(",")));
 return false;
 }
 public void setListener(ConnectionListener listener) {
-- 
cgit v1.2.3
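Review bot: `parser.getAttributeValue(null, "mechanism").equals("EXTERNAL")` in the new `auth` branch dereferences a value the remote peer supplies; an `<auth>` element in the SASL namespace with no `mechanism` attribute makes the parser return null and throws NullPointerException inside the read loop, so a malformed stanza from a TLS-but-unauthenticated peer likely ends the whole connection (the loop's exception handling is outside the hunk) instead of being rejected as a bad mechanism. Reverse the comparison so a missing attribute simply fails the condition: `&& "EXTERNAL".equals(parser.getAttributeValue(null, "mechanism"))`. Separately, the branch authenticates on `isTrusted()` and then records `this.from.add(Jid.of(from))`, where `from` is presumably the domain the peer asserted in its own stream header; `isTrusted()` is not in the diff, so it is worth confirming that it binds the presented certificate to that exact domain rather than accepting any certificate the trust store validates, otherwise the Jid added here is peer-chosen and `checkFromTo` will trust it. The enclosing parse loop begins and ends outside this hunk.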
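Review bot: The third placeholder of the new warning in the `@@ -205` hunk is labelled `stream {}` but receives the joined `from` list rather than `streamID`, so the line reads as if the domain list were a stream identifier, while the other log lines visible in this diff consistently label `streamID` as `stream {}`. Presumably `from` here is the connection's list of authenticated domains (the `@@ -140` hunk adds `Jid.of(from)` to it), so name it as such and include the real stream id if the field is in scope as it appears to be: `logger.warn("stream {} rejected from {}, to {}, authenticated domains {}", streamID, cfrom, cto, from.stream().collect(Collectors.joining(",")));`. This is the message an operator will search for when a federation partner's stanzas start being dropped after this commit tightens the authentication checks, which makes the label worth getting right. The enclosing method, presumably `checkFromTo`, starts outside the hunk.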