This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "emacs-jabber".
The branch, master has been updated
via b1cb3f7181f90abb5acbb37370e35cf91c7a4cdb (commit)
from b7797f15bbda577a2b7365e82734e3a5b0929fe0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b1cb3f7181f90abb5acbb37370e35cf91c7a4cdb
Author: Magnus Henoch <mag...@gm...>
Date: Fri May 23 09:53:43 2014 +0100
Validate additional data from server in SASL authentication
Some SASL mechanisms, e.g. SCRAM-SHA-1, specify that the server should
send additional data along with the success response. This data needs
to be validated by the client according to the SASL mechanism.
diff --git a/jabber-sasl.el b/jabber-sasl.el
index ce3fc2e..61d3c56 100644
--- a/jabber-sasl.el
+++ b/jabber-sasl.el
@@ -128,8 +128,29 @@ Call REMEMBER with the password. REMEMBER is expected to return it as well."
(fsm-send jc :authentication-failure))
((eq (car xml-data) 'success)
- (message "Authentication succeeded for %s" (jabber-connection-bare-jid jc))
- (fsm-send jc (cons :authentication-success passphrase))))
+ ;; The server might, depending on the mechanism, send
+ ;; "additional data" (see RFC 4422) with the <success/> element.
+ ;; Since some SASL mechanisms perform mutual authentication, we
+ ;; need to pass this data to sasl.el - we're not necessarily
+ ;; done just because the server says we're done.
+ (let* ((data (car (jabber-xml-node-children xml-data)))
+ (decoded (if data
+ (base64-decode-string data)
+ "")))
+ (sasl-step-set-data step decoded)
+ (condition-case e
+ (progn
+ ;; Check that sasl-next-step doesn't signal an error.
+ ;; TODO: once sasl.el allows it, check that all steps have
+ ;; been completed.
+ (sasl-next-step client step)
+ (message "Authentication succeeded for %s" (jabber-connection-bare-jid jc))
+ (fsm-send jc (cons :authentication-success passphrase)))
+ (sasl-error
+ (message "%s: authentication failure: %s"
+ (jabber-connection-bare-jid jc)
+ (error-message-string e))
+ (fsm-send jc :authentication-failure))))))
(list client step passphrase)))
(provide 'jabber-sasl)
-----------------------------------------------------------------------
Summary of changes:
jabber-sasl.el | 25 +++++++++++++++++++++++--
1 files changed, 23 insertions(+), 2 deletions(-)
hooks/post-receive
--
emacs-jabber
|
