1 /*
2  * libjingle
3  * Copyright 2004--2005, Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "talk/examples/login/xmppauth.h"
29 
30 #include <algorithm>
31 
32 #include "talk/xmpp/saslcookiemechanism.h"
33 #include "talk/xmpp/saslplainmechanism.h"
34 
XmppAuth()35 XmppAuth::XmppAuth() : done_(false) {
36 }
37 
~XmppAuth()38 XmppAuth::~XmppAuth() {
39 }
40 
StartPreXmppAuth(const buzz::Jid & jid,const talk_base::SocketAddress & server,const talk_base::CryptString & pass,const std::string & auth_cookie)41 void XmppAuth::StartPreXmppAuth(const buzz::Jid & jid,
42                                 const talk_base::SocketAddress & server,
43                                 const talk_base::CryptString & pass,
44                                 const std::string & auth_cookie) {
45   jid_ = jid;
46   passwd_ = pass;
47   auth_cookie_ = auth_cookie;
48   done_ = true;
49 
50   SignalAuthDone();
51 }
52 
ChooseBestSaslMechanism(const std::vector<std::string> & mechanisms,bool encrypted)53 std::string XmppAuth::ChooseBestSaslMechanism(
54     const std::vector<std::string> & mechanisms,
55     bool encrypted) {
56   std::vector<std::string>::const_iterator it;
57 
58   // A token is the weakest auth - 15s, service-limited, so prefer it.
59   it = std::find(mechanisms.begin(), mechanisms.end(), "X-GOOGLE-TOKEN");
60   if (it != mechanisms.end() && !auth_cookie_.empty())
61     return "X-GOOGLE-TOKEN";
62 
63   // A cookie is the next weakest - 14 days.
64   it = std::find(mechanisms.begin(), mechanisms.end(), "X-GOOGLE-COOKIE");
65   if (it != mechanisms.end() && !auth_cookie_.empty())
66     return "X-GOOGLE-COOKIE";
67 
68   // As a last resort, use plain authentication.
69   it = std::find(mechanisms.begin(), mechanisms.end(), "PLAIN");
70   if (it != mechanisms.end())
71     return "PLAIN";
72 
73   // No good mechanism found
74  return "";
75 }
76 
CreateSaslMechanism(const std::string & mechanism)77 buzz::SaslMechanism* XmppAuth::CreateSaslMechanism(
78     const std::string & mechanism) {
79   if (mechanism == "X-GOOGLE-TOKEN") {
80     return new buzz::SaslCookieMechanism(mechanism, jid_.Str(), auth_cookie_);
81   //} else if (mechanism == "X-GOOGLE-COOKIE") {
82   //  return new buzz::SaslCookieMechanism(mechanism, jid.Str(), sid_);
83   } else if (mechanism == "PLAIN") {
84     return new buzz::SaslPlainMechanism(jid_, passwd_);
85   } else {
86     return NULL;
87   }
88 }
89