mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-12-23 04:57:58 +01:00
Don't set SASL authid parameter to username (SMACK-371)
RFC4616 states that if the authorization identity (authzid) parameter is null, then it is derived from the authentication identity (authcid). Smack currently sets both, authzid and authcid, to the username, resulting in auth attempts of userid\0userid\0password instead of userid\0password Which are different users on most systems (e.g. Kerberos). We now set only SASLMechanism.authenticationId to username. The authenticate(String, CallbackHandler) method does now not longer receive the username, as it's send by the CallbackHandler.
This commit is contained in:
parent
f7fc38e1f4
commit
a7ec0338bc
5 changed files with 9 additions and 13 deletions
|
@ -313,7 +313,7 @@ public class BOSHConnection extends Connection {
|
|||
if (password != null) {
|
||||
response = saslAuthentication.authenticate(username, password, resource);
|
||||
} else {
|
||||
response = saslAuthentication.authenticate(username, resource, config.getCallbackHandler());
|
||||
response = saslAuthentication.authenticate(resource, config.getCallbackHandler());
|
||||
}
|
||||
} else {
|
||||
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
|
||||
|
|
|
@ -202,13 +202,12 @@ public class SASLAuthentication {
|
|||
* The server may assign a full JID with a username or resource different than the requested
|
||||
* by this method.
|
||||
*
|
||||
* @param username the username that is authenticating with the server.
|
||||
* @param resource the desired resource.
|
||||
* @param cbh the CallbackHandler used to get information from the user
|
||||
* @return the full JID provided by the server while binding a resource to the connection.
|
||||
* @throws XMPPException if an error occures while authenticating.
|
||||
*/
|
||||
public String authenticate(String username, String resource, CallbackHandler cbh)
|
||||
public String authenticate(String resource, CallbackHandler cbh)
|
||||
throws XMPPException {
|
||||
// Locate the SASLMechanism to use
|
||||
String selectedMechanism = null;
|
||||
|
@ -229,7 +228,7 @@ public class SASLAuthentication {
|
|||
// Trigger SASL authentication with the selected mechanism. We use
|
||||
// connection.getHost() since GSAPI requires the FQDN of the server, which
|
||||
// may not match the XMPP domain.
|
||||
currentMechanism.authenticate(username, connection.getHost(), cbh);
|
||||
currentMechanism.authenticate(connection.getHost(), cbh);
|
||||
|
||||
// Wait until SASL negotiation finishes
|
||||
synchronized (this) {
|
||||
|
|
|
@ -59,7 +59,7 @@ public class SASLGSSAPIMechanism extends SASLMechanism {
|
|||
String[] mechanisms = { getName() };
|
||||
Map<String,String> props = new HashMap<String,String>();
|
||||
props.put(Sasl.SERVER_AUTH,"TRUE");
|
||||
sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
|
||||
sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
|
||||
authenticate();
|
||||
}
|
||||
|
||||
|
@ -78,9 +78,8 @@ public class SASLGSSAPIMechanism extends SASLMechanism {
|
|||
String[] mechanisms = { getName() };
|
||||
Map<String,String> props = new HashMap<String, String>();
|
||||
props.put(Sasl.SERVER_AUTH,"TRUE");
|
||||
sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, this);
|
||||
sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this);
|
||||
authenticate();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -142,7 +142,7 @@ public abstract class SASLMechanism implements CallbackHandler {
|
|||
|
||||
String[] mechanisms = { getName() };
|
||||
Map<String,String> props = new HashMap<String,String>();
|
||||
sc = Sasl.createSaslClient(mechanisms, username, "xmpp", serviceName, props, this);
|
||||
sc = Sasl.createSaslClient(mechanisms, null, "xmpp", serviceName, props, this);
|
||||
authenticate();
|
||||
}
|
||||
|
||||
|
@ -150,16 +150,15 @@ public abstract class SASLMechanism implements CallbackHandler {
|
|||
* Builds and sends the <tt>auth</tt> stanza to the server. The callback handler will handle
|
||||
* any additional information, such as the authentication ID or realm, if it is needed.
|
||||
*
|
||||
* @param username the username of the user being authenticated.
|
||||
* @param host the hostname where the user account resides.
|
||||
* @param cbh the CallbackHandler to obtain user information.
|
||||
* @throws IOException If a network error occures while authenticating.
|
||||
* @throws XMPPException If a protocol error occurs or the user is not authenticated.
|
||||
*/
|
||||
public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException {
|
||||
public void authenticate(String host, CallbackHandler cbh) throws IOException, XMPPException {
|
||||
String[] mechanisms = { getName() };
|
||||
Map<String,String> props = new HashMap<String,String>();
|
||||
sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
|
||||
sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
|
||||
authenticate();
|
||||
}
|
||||
|
||||
|
|
|
@ -235,8 +235,7 @@ public class TCPConnection extends Connection {
|
|||
response = saslAuthentication.authenticate(username, password, resource);
|
||||
}
|
||||
else {
|
||||
response = saslAuthentication
|
||||
.authenticate(username, resource, config.getCallbackHandler());
|
||||
response = saslAuthentication.authenticate(resource, config.getCallbackHandler());
|
||||
}
|
||||
} else {
|
||||
throw new XMPPException("No non-anonymous SASL authentication mechanism available");
|
||||
|
|
Loading…
Reference in a new issue