lib/xmpp4r/sasl.rb in xmpp4r-0.4 vs lib/xmpp4r/sasl.rb in xmpp4r-0.5
- old
+ new
@@ -120,21 +120,23 @@
res = {}
state = :key
key = ''
value = ''
-
text.scan(/./) do |ch|
if state == :key
if ch == '='
state = :value
else
key += ch
end
elsif state == :value
if ch == ','
+ # due to our home-made parsing of the challenge, the key could have
+ # leading whitespace. strip it, or that would break jabberd2 support.
+ key = key.strip
res[key] = value
key = ''
value = ''
state = :key
elsif ch == '"' and value == ''
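Review bot: The store `res[key] = value` just below the added `key.strip` overwrites silently, so a challenge that repeats a directive is accepted with the last occurrence winning. RFC 2831 asks the client to abort when a directive that must appear exactly once, such as `nonce`, is present more than once. A guard before the store would cover it, for example `raise "repeated #{key} in DIGEST-MD5 challenge" if key == 'nonce' && res.key?(key)`, extended to the other single-instance directives. The same three added lines (comment plus `key = key.strip`) are repeated after the loop in the next hunk; a small private helper that strips and stores would keep the two paths from drifting apart. The enclosing method starts and ends outside this hunk.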
@@ -149,13 +151,16 @@
else
value += ch
end
end
end
+ # due to our home-made parsing of the challenge, the key could have
+ # leading whitespace. strip it, or that would break jabberd2 support.
+ key = key.strip
res[key] = value unless key == ''
- Jabber::debuglog("SASL DIGEST-MD5 challenge:\n#{text.inspect}\n#{res.inspect}")
+ Jabber::debuglog("SASL DIGEST-MD5 challenge:\n#{text}\n#{res.inspect}")
res
end
##
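Review bot: The new debug line interpolates `#{text}` raw where the old one used `text.inspect`, so control characters in the challenge reach the log unescaped. `text` appears to be the decoded challenge sent by the server, so embedded newlines or terminal escapes could forge or garble log entries. Keeping the escaped form costs nothing in readability: `Jabber::debuglog("SASL DIGEST-MD5 challenge:\n#{text.inspect}\n#{res.inspect}")`. `res.inspect` on the same line already escapes the parsed values.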
@@ -170,19 +175,19 @@
response['realm'] = @realm || @stream.jid.domain
response['cnonce'] = generate_nonce
response['nc'] = '00000001'
response['qop'] = 'auth'
response['digest-uri'] = "xmpp/#{@stream.jid.domain}"
- response['response'] = response_value(@stream.jid.node, @stream.jid.domain, response['digest-uri'], password, @nonce, response['cnonce'], response['qop'])
+ response['response'] = response_value(@stream.jid.node, @stream.jid.domain, response['digest-uri'], password, @nonce, response['cnonce'], response['qop'], response['authzid'])
response.each { |key,value|
unless %w(nc qop response charset).include? key
response[key] = "\"#{value}\""
end
}
response_text = response.collect { |k,v| "#{k}=#{v}" }.join(',')
- Jabber::debuglog("SASL DIGEST-MD5 response:\n#{response_text}")
+ Jabber::debuglog("SASL DIGEST-MD5 response:\n#{response_text}\n#{response.inspect}")
r = REXML::Element.new('response')
r.add_namespace NS_SASL
r.text = Base64::encode64(response_text).gsub(/\s/, '')
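Review bot: The `response_value` call passes `@stream.jid.domain` as the realm, while the message advertises `response['realm'] = @realm || @stream.jid.domain`. If `@realm` is taken from the server challenge (it is set outside this hunk) and differs from the JID domain, the digest is computed over a different realm than the one sent and authentication will fail. Passing `response['realm']` as the second argument keeps the two consistent. Separately, the extended debug line now writes the username, nonce, cnonce and response digest twice; that is enough material for offline password guessing if a debug log is shared, so a comment such as `# debug output contains digest material; do not enable in production logs` would help, and the added `response.inspect` could be dropped.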
@@ -222,16 +227,22 @@
# Function from RFC2831
def hh(s); Digest::MD5.hexdigest(s); end
##
# Calculate the value for the response field
- def response_value(username, realm, digest_uri, passwd, nonce, cnonce, qop)
+ def response_value(username, realm, digest_uri, passwd, nonce, cnonce, qop, authzid)
a1_h = h("#{username}:#{realm}:#{passwd}")
a1 = "#{a1_h}:#{nonce}:#{cnonce}"
- #a2 = "AUTHENTICATE:#{digest_uri}#{(qop == 'auth') ? '' : ':00000000000000000000000000000000'}"
- a2 = "AUTHENTICATE:#{digest_uri}"
-
+ if authzid
+ a1 += ":#{authzid}"
+ end
+ if qop == 'auth-int' || qop == 'auth-conf'
+ a2 = "AUTHENTICATE:#{digest_uri}:00000000000000000000000000000000"
+ else
+ a2 = "AUTHENTICATE:#{digest_uri}"
+ end
hh("#{hh(a1)}:#{nonce}:00000001:#{cnonce}:#{qop}:#{hh(a2)}")
end
end
end
end
+
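Review bot: `response_value` gains a required eighth positional parameter, which breaks any subclass or external caller that still passes seven arguments. Declaring it as `authzid = nil` keeps the 0.4 call shape working while the new `if authzid` branch behaves the same. The comment above the method should also document the new argument and the qop handling, for example `# authzid:: [String] optional authorization identity, appended to A1 when given` and a line noting that `auth-int`/`auth-conf` append the 32-zero body hash to A2 per RFC 2831. Note that the nonce count `00000001` is hard-coded here as well as in `response['nc']` in the previous hunk; taking it from one place would avoid a silent mismatch if it ever changes.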