Similar fix as 9b339efbc1 ("Prevent password enforcement for SASL
anonymous") just for SASL GSSAPI. Fixes SMACK-920.
Fixes: 92f4aadfdc ("[sasl] Avoid mechanisms that need a password when none is available")
Smack did this for a long time, since eb56f8a55 ("GSSAPI work by Jay
Kline (SMACK-218)."). Not always in a static block though. But
irregardless this is bad practice as it causes side-effects and may
overrides settings.
For example, one users reports:
java.lang.SecurityException: java.io.IOException: gss.conf (No such file or directory)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at sun.reflect.GeneratedConstructorAccessor119.newInstance(Unknown Source)
This adds the ability to provide a distinct authorization identifier for use
by SASL mechanisms. Not all SASL mechanisms support this operation, in
particular CRAM-MD5.
Both the javax and provided SASL implementations are extended, and an authzid
parameter added to the authenticate method.
The authorization identifier is passed as a EntityBareJid in order to assure the
correct form.
Resolves SMACK-677.
Minor-Modifications-By: Florian Schmaus <flo@geekplace.eu>
This commit marks an important milestone with the addition of the
smack-android subproject. Smack is now able to run native on Android
without requiring any modifications, which makes the aSmack build
environment obsolete.
It was necessary to redesign the code for SASL authentication to achieve
this. Smack now comes with smack-sasl-provided for SASL implementations
that do not rely on additional APIs like javax for platforms where those
APIs are not available like Android.
Florian Schmaus
Dave Cridland