[SCM] emacs-jabber branch, master, updated. b1cb3f7181f90abb5acbb37370e35cf91c7a4cdb

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "emacs-jabber".

The branch, master has been updated
       via  b1cb3f7181f90abb5acbb37370e35cf91c7a4cdb (commit)
      from  b7797f15bbda577a2b7365e82734e3a5b0929fe0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b1cb3f7181f90abb5acbb37370e35cf91c7a4cdb
Author: Magnus Henoch <mag...@gm...>
Date:   Fri May 23 09:53:43 2014 +0100

    Validate additional data from server in SASL authentication
    
    Some SASL mechanisms, e.g. SCRAM-SHA-1, specify that the server should
    send additional data along with the success response.  This data needs
    to be validated by the client according to the SASL mechanism.

diff --git a/jabber-sasl.el b/jabber-sasl.el
index ce3fc2e..61d3c56 100644
--- a/jabber-sasl.el
+++ b/jabber-sasl.el
@@ -128,8 +128,29 @@ Call REMEMBER with the password.  REMEMBER is expected to return it as well."
       (fsm-send jc :authentication-failure))
 
      ((eq (car xml-data) 'success)
-      (message "Authentication succeeded for %s" (jabber-connection-bare-jid jc))
-      (fsm-send jc (cons :authentication-success passphrase))))
+      ;; The server might, depending on the mechanism, send
+      ;; "additional data" (see RFC 4422) with the <success/> element.
+      ;; Since some SASL mechanisms perform mutual authentication, we
+      ;; need to pass this data to sasl.el - we're not necessarily
+      ;; done just because the server says we're done.
+      (let* ((data (car (jabber-xml-node-children xml-data)))
+	     (decoded (if data
+			  (base64-decode-string data)
+			"")))
+	(sasl-step-set-data step decoded)
+	(condition-case e
+	    (progn
+	      ;; Check that sasl-next-step doesn't signal an error.
+	      ;; TODO: once sasl.el allows it, check that all steps have
+	      ;; been completed.
+	      (sasl-next-step client step)
+	      (message "Authentication succeeded for %s" (jabber-connection-bare-jid jc))
+	      (fsm-send jc (cons :authentication-success passphrase)))
+	  (sasl-error
+	   (message "%s: authentication failure: %s"
+		    (jabber-connection-bare-jid jc)
+		    (error-message-string e))
+	   (fsm-send jc :authentication-failure))))))
     (list client step passphrase)))
 
 (provide 'jabber-sasl)

-----------------------------------------------------------------------

Summary of changes:
 jabber-sasl.el |   25 +++++++++++++++++++++++--
 1 files changed, 23 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
emacs-jabber


