--- /tmp/jabberd-2.1.24.1/c2s/authreg.c 2008-04-27 02:57:20.000000000 -0700 +++ ./jabberd2/c2s/authreg.c 2008-11-24 14:21:54.000000000 -0800 @@ -119,7 +119,7 @@ void authreg_free(authreg_t ar) { /** auth get handler */ static void _authreg_auth_get(c2s_t c2s, sess_t sess, nad_t nad) { - int ns, elem, attr; + int ns, elem, attr, err; char username[1024], id[128]; int ar_mechs; @@ -152,8 +152,8 @@ static void _authreg_auth_get(c2s_t c2s, if (sess->s->ssf>0) ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms; - /* no point going on if we have no mechanisms */ - if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST))) { + /* no point going on if we have no mechanisms (Apple: added CRAM-MD5 check) */ + if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST | AR_MECH_TRAD_CRAMMD5))) { sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0)); return; } @@ -197,6 +197,19 @@ static void _authreg_auth_get(c2s_t c2s, if(ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL) nad_append_elem(nad, ns, "digest", 2); + if (ar_mechs & AR_MECH_TRAD_CRAMMD5 && c2s->ar->create_challenge != NULL) { + err = (c2s->ar->create_challenge)(c2s->ar, (char *) username, (char *) sess->auth_challenge, sizeof(sess->auth_challenge)); + if (0 == err) { /* operation failed */ + sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_INTERNAL_SERVER_ERROR), 0)); + return; + } + else if (1 == err) { /* operation succeeded */ + nad_append_elem(nad, ns, "crammd5", 2); + nad_append_attr(nad, -1, "challenge", sess->auth_challenge); + } + else ; /* auth method unsupported for user */ + } + /* give it back to the client */ sx_nad_write(sess->s, nad); @@ -258,7 +271,7 @@ static void _authreg_auth_set(c2s_t c2s, ar_mechs = ar_mechs | c2s->ar_ssl_mechanisms; /* no point going on if we have no mechanisms */ - if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST))) { + if(!(ar_mechs & (AR_MECH_TRAD_PLAIN | AR_MECH_TRAD_DIGEST | AR_MECH_TRAD_CRAMMD5))) { sx_nad_write(sess->s, stanza_tofrom(stanza_error(nad, 0, stanza_err_FORBIDDEN), 0)); return; } @@ -269,6 +282,22 @@ static void _authreg_auth_set(c2s_t c2s, return; } + /* Apple: handle CRAM-MD5 response */ + if(!authd && ar_mechs & AR_MECH_TRAD_CRAMMD5 && c2s->ar->check_response != NULL) + { + elem = nad_find_elem(nad, 1, ns, "crammd5", 1); + if(elem >= 0) + { + snprintf(str, 1024, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem)); + if((c2s->ar->check_response)(c2s->ar, username, sess->host->realm, sess->auth_challenge, str) == 0) + { + log_debug(ZONE, "crammd5 auth (check) succeded"); + authd = 1; + } + } + } + + /* digest auth */ if(!authd && ar_mechs & AR_MECH_TRAD_DIGEST && c2s->ar->get_password != NULL) {