| author | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2009-10-21 08:33:09 +0000 |
|---|---|---|
| committer | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2009-10-21 08:33:09 +0000 |
| commit | 2fe5cfecf1d3cf7877fcb609b603add501db8732 (patch) | |
| tree | bd0108c8d6583df57f77401bd2218539060b7487 /source/QXmppStream.cpp | |
| parent | 5b4e1339866db3be97b00ee11cd19dfa0596efe1 (diff) | |
| download | qxmpp-2fe5cfecf1d3cf7877fcb609b603add501db8732.tar.gz | |
Fix for Issue 17: Authentication and stream security configuration options
Diffstat (limited to 'source/QXmppStream.cpp')
| -rw-r--r-- | source/QXmppStream.cpp | 63 |
1 files changed, 56 insertions, 7 deletions
diff --git a/source/QXmppStream.cpp b/source/QXmppStream.cpp
index cd5a52a9..895072d9 100644
--- a/source/QXmppStream.cpp
+++ b/source/QXmppStream.cpp
@@ -227,13 +227,42 @@ void QXmppStream::parser(const QByteArray& data)
 namespaceURI() == ns_sasl;
bool useSasl = getConfiguration().getUseSASLAuthentication();
- if(nodeRecv.firstChildElement("starttls").
- namespaceURI() == ns_tls &&
- nodeRecv.firstChildElement("starttls").
+ if(nodeRecv.firstChildElement("starttls").namespaceURI()
+ == ns_tls && !m_socket.isEncrypted())
+ {
+ if(nodeRecv.firstChildElement("starttls").
firstChildElement().tagName() == "required")
+ {
+ // TLS is must from the server side
+ sendStartTls();
+ return;
+ }
+ else
+ {
+ // TLS is optional from the server side
+ switch(getConfiguration().getStreamSecurityMode())
+ {
+ case QXmppConfiguration::TLSEnabled:
+ case QXmppConfiguration::TLSRequired:
+ sendStartTls();
+ return;
+ case QXmppConfiguration::TLSDisabled:
+ break;
+ }
+ }
+ }
+ else if(!m_socket.isEncrypted()) // TLS not supported by server
{
- sendStartTls();
- return;
+ if(getConfiguration().getStreamSecurityMode() ==
+ QXmppConfiguration::TLSRequired)
+ {
+ // disconnect as the for client TLS is compulsory but
+ // not available on the server
+ //
+ log(QString("Disconnecting as TLS not available at the server"));
+ disconnect();
+ return;
+ }
}
if((saslAvailable && nonSaslAvailable && !useSasl) ||
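Review bot: The new `else if(!m_socket.isEncrypted())` branch only reacts when the mode is `TLSRequired`, so under `TLSEnabled` a feature list without `<starttls/>` lets the stream go on to authentication unencrypted, with nothing logged. The feature list arrives before TLS is up and can be altered in transit, so `TLSEnabled` is opportunistic and only `TLSRequired` resists a downgrade. That deserves a comment at this branch, e.g. `// TLSEnabled: continues in cleartext if the server does not offer STARTTLS`, and a `log(QString("Server did not offer STARTTLS, continuing unencrypted"));` for the non-required case. The `required` branch should likewise carry a comment that it starts TLS even when the mode is `TLSDisabled`. parser() starts and ends outside the hunk, so whether this code runs only for the stream-features stanza cannot be confirmed from here.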
@@ -403,10 +432,29 @@ void QXmppStream::parser(const QByteArray& data)
 {
if(type == "result")
{
+ bool digest = !nodeRecv.firstChildElement("query").
+ firstChildElement("digest").isNull();
+ bool plain = !nodeRecv.firstChildElement("query").
+ firstChildElement("password").isNull();
bool plainText = false;
- if ( nodeRecv.firstChildElement("query").
- firstChildElement("digest").isNull() )
+
+ if(plain && digest)
+ {
+ if(getConfiguration().getNonSASLAuthMechanism() ==
+ QXmppConfiguration::NonSASLDigest)
+ plainText = false;
+ else
+ plainText = true;
+ }
+ else if(plain)
plainText = true;
+ else if(digest)
+ plainText = false;
+ else
+ {
+ //TODO Login error
+ return;
+ }
sendNonSASLAuth(plainText);
}
}
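Review bot: In the `else if(plain)` branch the password is sent as plain text even when `getNonSASLAuthMechanism()` is `NonSASLDigest`, because the configured mechanism is consulted only when the server offers both fields; a reply that omits `<digest/>` therefore overrides the client's choice. Nothing in the hunk checks `m_socket.isEncrypted()` before choosing plain text, so on an unencrypted stream the password can cross the wire in the clear. Consider gating the branch, e.g. `else if(plain && m_socket.isEncrypted())`, or at least logging a warning when plain text is chosen on an unencrypted socket or against a `NonSASLDigest` setting. The `//TODO Login error` branch returns without logging or disconnecting, so the failure is silent; a `log(...)` plus `disconnect()` as in the TLS hunk would match. parser() continues outside the hunk.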
@@ -502,6 +550,7 @@ void QXmppStream::sendStartStream()
 void QXmppStream::sendToServer(const QByteArray& packet)
{
+ log("CLIENT: " + packet);
m_socket.write( packet );
}
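Review bot: `log("CLIENT: " + packet);` writes every outbound stanza to the log, and that includes the authentication stanzas, so passwords, digests and SASL responses end up wherever the log is stored. Log only when a debug setting is on, and keep the auth packets out of it, for instance by having the auth senders log a fixed marker such as `log("CLIENT: <auth stanza omitted>");` instead of passing through this line. Also, `packet` is a QByteArray, so its conversion to whatever log() accepts is implicit; if that is a QString, as the `log(QString(...))` call in the first hunk suggests, `QString::fromUtf8(packet)` avoids mangling non-ASCII content.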
