From a7ec0338bc95c37774659378c34bb05578db3a19 Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Sun, 2 Mar 2014 14:21:21 +0100
Subject: [PATCH] Don't set SASL authid parameter to username (SMACK-371)

RFC4616 states that if the authorization identity (authzid) parameter is
null, then it is derived from the authentication
identity (authcid). Smack currently sets both, authzid and authcid, to
the username, resulting in auth attempts of

userid\0userid\0password

instead of

userid\0password

Which are different users on most systems (e.g. Kerberos).

We now set only SASLMechanism.authenticationId to username. The
authenticate(String, CallbackHandler) method does now not longer receive
the username, as it's send by the CallbackHandler.
---
 .../main/java/org/jivesoftware/smack/BOSHConnection.java   | 2 +-
 .../java/org/jivesoftware/smack/SASLAuthentication.java    | 5 ++---
 .../org/jivesoftware/smack/sasl/SASLGSSAPIMechanism.java   | 5 ++---
 .../java/org/jivesoftware/smack/sasl/SASLMechanism.java    | 7 +++----
 .../main/java/org/jivesoftware/smack/TCPConnection.java    | 3 +--
 5 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java b/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java
index 18ab2d7be..52c3dd108 100644
--- a/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java
+++ b/bosh/src/main/java/org/jivesoftware/smack/BOSHConnection.java
@@ -313,7 +313,7 @@ public class BOSHConnection extends Connection {
             if (password != null) {
                 response = saslAuthentication.authenticate(username, password, resource);
             } else {
-                response = saslAuthentication.authenticate(username, resource, config.getCallbackHandler());
+                response = saslAuthentication.authenticate(resource, config.getCallbackHandler());
             }
         } else {
             throw new XMPPException("No non-anonymous SASL authentication mechanism available");
diff --git a/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java b/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
index bd6be9f78..0665521c1 100644
--- a/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
+++ b/core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
@@ -202,13 +202,12 @@ public class SASLAuthentication {
      * The server may assign a full JID with a username or resource different than the requested
      * by this method.
      *
-     * @param username the username that is authenticating with the server.
      * @param resource the desired resource.
      * @param cbh the CallbackHandler used to get information from the user
      * @return the full JID provided by the server while binding a resource to the connection.
      * @throws XMPPException if an error occures while authenticating.
      */
-    public String authenticate(String username, String resource, CallbackHandler cbh) 
+    public String authenticate(String resource, CallbackHandler cbh)
             throws XMPPException {
         // Locate the SASLMechanism to use
         String selectedMechanism = null;
@@ -229,7 +228,7 @@ public class SASLAuthentication {
                 // Trigger SASL authentication with the selected mechanism. We use
                 // connection.getHost() since GSAPI requires the FQDN of the server, which
                 // may not match the XMPP domain.
-                currentMechanism.authenticate(username, connection.getHost(), cbh);
+                currentMechanism.authenticate(connection.getHost(), cbh);
 
                 // Wait until SASL negotiation finishes
                 synchronized (this) {
diff --git a/core/src/main/java/org/jivesoftware/smack/sasl/SASLGSSAPIMechanism.java b/core/src/main/java/org/jivesoftware/smack/sasl/SASLGSSAPIMechanism.java
index 78f0fac10..658b14b6d 100644
--- a/core/src/main/java/org/jivesoftware/smack/sasl/SASLGSSAPIMechanism.java
+++ b/core/src/main/java/org/jivesoftware/smack/sasl/SASLGSSAPIMechanism.java
@@ -59,7 +59,7 @@ public class SASLGSSAPIMechanism extends SASLMechanism {
         String[] mechanisms = { getName() };
         Map<String,String> props = new HashMap<String,String>();
         props.put(Sasl.SERVER_AUTH,"TRUE");
-        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
+        sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
         authenticate();
     }
 
@@ -78,9 +78,8 @@ public class SASLGSSAPIMechanism extends SASLMechanism {
         String[] mechanisms = { getName() };
         Map<String,String> props = new HashMap<String, String>();
         props.put(Sasl.SERVER_AUTH,"TRUE");
-        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, this);
+        sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this);
         authenticate();
     }
 
-
 }
diff --git a/core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java b/core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java
index 6a63f1cc8..e46512d95 100644
--- a/core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java
+++ b/core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java
@@ -142,7 +142,7 @@ public abstract class SASLMechanism implements CallbackHandler {
 
         String[] mechanisms = { getName() };
         Map<String,String> props = new HashMap<String,String>();
-        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", serviceName, props, this);
+        sc = Sasl.createSaslClient(mechanisms, null, "xmpp", serviceName, props, this);
         authenticate();
     }
 
@@ -150,16 +150,15 @@ public abstract class SASLMechanism implements CallbackHandler {
      * Builds and sends the <tt>auth</tt> stanza to the server. The callback handler will handle
      * any additional information, such as the authentication ID or realm, if it is needed.
      *
-     * @param username the username of the user being authenticated.
      * @param host     the hostname where the user account resides.
      * @param cbh      the CallbackHandler to obtain user information.
      * @throws IOException If a network error occures while authenticating.
      * @throws XMPPException If a protocol error occurs or the user is not authenticated.
      */
-    public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException {
+    public void authenticate(String host, CallbackHandler cbh) throws IOException, XMPPException {
         String[] mechanisms = { getName() };
         Map<String,String> props = new HashMap<String,String>();
-        sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
+        sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
         authenticate();
     }
 
diff --git a/tcp/src/main/java/org/jivesoftware/smack/TCPConnection.java b/tcp/src/main/java/org/jivesoftware/smack/TCPConnection.java
index 2431200ed..46aa45555 100644
--- a/tcp/src/main/java/org/jivesoftware/smack/TCPConnection.java
+++ b/tcp/src/main/java/org/jivesoftware/smack/TCPConnection.java
@@ -235,8 +235,7 @@ public class TCPConnection extends Connection {
                 response = saslAuthentication.authenticate(username, password, resource);
             }
             else {
-                response = saslAuthentication
-                        .authenticate(username, resource, config.getCallbackHandler());
+                response = saslAuthentication.authenticate(resource, config.getCallbackHandler());
             }
         } else {
             throw new XMPPException("No non-anonymous SASL authentication mechanism available");