
Changeset 434713


Timestamp:
09/07/2011 03:09:03 PM (15 years ago)
Author:
Jehan
Message:
  • DIGEST-MD5 priority downgraded (as this is a deprecated mechanism).
  • Auth_SASL PEAR library now included into the plugin.

It also includes the new SCRAM support that I sent upstream a few days ago.

  • SCRAM is now supported by xmpp_stream.
Location:
xmpp-auth/trunk
Files:
11 added
3 edited

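--- a/xmpp-auth/trunk/my_socket.php
+++ b/xmpp-auth/trunk/my_socket.php
@@ -72,4 +72,6 @@
                 return $cache[$addr];
             }
+            // XXX: do I want to unset and update the cache here?
+            // Or I consider it should be taken care at next step?
         }
         // I check the existence because according to documentation,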
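--- a/xmpp-auth/trunk/readme.txt
+++ b/xmpp-auth/trunk/readme.txt
@@ -112,8 +112,4 @@
 *Note for gentoo users*: you must set the 'xml' USE flag.
 
-* **Auth_SASL** *PEAR* module (`pear install Auth_SASL` or install with your
-distribution's package manager) for SASL authentication. For now, this
-dependency is mandatory. Maybe in some future will it become optional.
-
 * **OpenSSL** (> 0.9.6) must be installed on the server and PHP must be built
 with `--with-openssl`.
@@ -134,5 +130,5 @@
 
 This script has been tested only currently on Wordpress 3.2.1 up to Wordpress
-3.2.1 with PHP 5.3.5 up to PHP 5.3.6, running on a GNU/Linux 64 bits (Gentoo
+3.2.1 with PHP 5.3.5 up to PHP 5.3.8, running on a GNU/Linux 64 bits (Gentoo
 Linux).
 Hopefully it should work with other software versions (not for PHP4, because
@@ -281,4 +277,6 @@
   proposed in RFC-1035) and reorder cached data using failure and success
   knowledge.
+- PEAR Auth_SASL coded is included in the plugin, hence the dependency is no more.
+- A patch has been sent upstream for SCRAM support.
 
 = 0.3 =
@@ -314,5 +312,5 @@
 = 0.4 =
 
-French localization available. DNS cached for improved performance.
+French localization available. DNS cached for improved performance. SCRAM-* support added.
 
 = 0.3 =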
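--- a/xmpp-auth/trunk/xmpp_stream.php
+++ b/xmpp-auth/trunk/xmpp_stream.php
@@ -21,8 +21,10 @@
 */
 
-require_once('Auth/SASL/DigestMD5.php');
-require_once('Auth/SASL/Plain.php');
-require_once('Auth/SASL/CramMD5.php');
-require_once('Auth/SASL/Anonymous.php');
+require_once(dirname(__FILE__) . '/Auth/SASL.php');
+require_once(dirname(__FILE__) . '/Auth/SASL/DigestMD5.php');
+require_once(dirname(__FILE__) . '/Auth/SASL/Plain.php');
+require_once(dirname(__FILE__) . '/Auth/SASL/CramMD5.php');
+require_once(dirname(__FILE__) . '/Auth/SASL/SCRAM.php');
+//require_once('./Auth/SASL/Anonymous.php');
 $old_error_level = error_reporting(0);
 include_once "Net/DNS.php"; // For SRV Records. // Optional.
@@ -58,5 +60,5 @@
     // The more securized, the preferred mechanism...
     // For now will consider only the digest-md5 authentication.
-    private $known_auth = array ('DIGEST-MD5' => 10, 'CRAM-MD5' => 7, 'PLAIN' => 4);
+    private $known_auth = array ('DIGEST-MD5' => 6, 'CRAM-MD5' => 8, 'PLAIN' => 4, 'SCRAM-SHA-1' => 10);
     private $chosen_mechanism = '';
     private $use_tls = false;
@@ -594,9 +596,10 @@
 
             }
-            elseif ($this->chosen_mechanism == "CRAM-MD5")
-            {
-                $sasl = new Auth_SASL_CramMD5 ();
-                $uncoded = $sasl->getResponse ($this->node, $this->password, $decoded_challenge);
-                // To be tested. Should the first argument be full jid or just username?
+            elseif ($this->chosen_mechanism == "SCRAM-SHA-1")
+            {
+                // Apparently that never gets used!
+                if (!isset($this->sasl))
+                    $this->sasl = new Auth_SASL_SCRAM('SHA-1');
+                $uncoded = $this->sasl->getResponse ($this->node, $this->password, $decoded_challenge);
 
                 $coded = base64_encode ($uncoded);
@@ -610,4 +613,21 @@
                     return;
                 }
+            }
+            elseif ($this->chosen_mechanism == "CRAM-MD5")
+            {
+                $sasl = new Auth_SASL_CramMD5 ();
+                $uncoded = $sasl->getResponse ($this->node, $this->password, $decoded_challenge);
+                // To be tested. Should the first argument be full jid or just username?
+
+                $coded = base64_encode ($uncoded);
+                $response = '<response xmlns=\'urn:ietf:params:xml:ns:xmpp-sasl\'>' . $coded . '</response>';
+
+                if (! $this->socket->send ($response))
+                {
+                    $this->last_error = __('Authentication failure: ', 'xmpp-auth');
+                    $this->last_error .= $_socket->last_error;
+                    $this->flags['authenticated'] = false;
+                    return;
+                }
 
             }
@@ -623,4 +643,5 @@
         elseif ($name == 'urn:ietf:params:xml:ns:xmpp-sasl:challenge')
         {
+            // Never gets here either.
             unset ($this->flags['challenged_once']);
             $response = '<response xmlns=\'urn:ietf:params:xml:ns:xmpp-sasl\'/>';
@@ -725,4 +746,15 @@
                     $mechanism .= $coded . "</auth>";
                 }
+                elseif ($this->chosen_mechanism == "SCRAM-SHA-1")
+                {
+                    // Apparently I don't come here!
+                    if (!isset($this->sasl))
+                        $this->sasl = new Auth_SASL_SCRAM('SHA-1');
+                    $uncoded = $this->sasl->getResponse ($this->node, $this->password);
+                    $coded = base64_encode ($uncoded);
+
+                    $mechanism = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='SCRAM-SHA-1'>";
+                    $mechanism .= $coded . "</auth>";
+                }
                 else
                 {
@@ -755,6 +787,6 @@
             return;
         }
-        elseif ($name == 'urn:ietf:params:xml:ns:xmpp-sasl:challenge'
-            && ! array_key_exists ('challenged_once', $this->flags))
+        elseif ($name == 'urn:ietf:params:xml:ns:xmpp-sasl:challenge')
+            //&& ! array_key_exists ('challenged_once', $this->flags))
         {
             // I get the challenge from cdata and decode it (base64).
@@ -762,6 +794,17 @@
             if ($this->chosen_mechanism == "DIGEST-MD5")
             {
-                $sasl = new Auth_SASL_DigestMD5 ();
-                $uncoded = $sasl->getResponse ($this->node, $this->password, $decoded_challenge, $this->domain, 'xmpp');
+                if (array_key_exists ('challenged_once', $this->flags))
+                    $uncoded = '';
+                else
+                {
+                    $sasl = new Auth_SASL_DigestMD5 ();
+                    $uncoded = $sasl->getResponse ($this->node, $this->password, $decoded_challenge, $this->domain, 'xmpp');
+                }
+            }
+            elseif ($this->chosen_mechanism == "SCRAM-SHA-1")
+            {
+                if (!isset($this->sasl))
+                    $this->sasl = new Auth_SASL_SCRAM('SHA-1');
+                $uncoded = $this->sasl->getResponse ($this->node, $this->password, $decoded_challenge);
             }
             elseif ($this->chosen_mechanism == "CRAM-MD5")
@@ -844,4 +887,18 @@
                     $mechanism .= $coded . "</auth>";
                 }
+                elseif ($this->chosen_mechanism == "SCRAM-SHA-1")
+                {
+                    if (!isset($this->sasl))
+                    {
+                        //$this->sasl = new Auth_SASL_SCRAM('SHA-1');
+                        $sasl = new Auth_SASL();
+                        $this->sasl = $sasl->factory('SCRAM-SHA-1');
+                    }
+                    $uncoded = $this->sasl->getResponse ($this->node, $this->password);
+                    $coded = base64_encode ($uncoded);
+
+                    $mechanism = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='SCRAM-SHA-1'>";
+                    $mechanism .= $coded . "</auth>";
+                }
                 else
                 {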
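Review bot: Nothing in the visible hunks verifies the server's final SCRAM signature after the SCRAM-SHA-1 branches (new lines 804-808 and 889-902) have sent the client messages, so the server is never authenticated to the client; if the bundled Auth_SASL_SCRAM provides `processOutcome()` (upstream does, to my knowledge), the `success` handler should pass it the decoded payload and treat a false result as an authentication failure. The return value of `getResponse()` is also base64-encoded unchecked in every SCRAM branch, so a rejected challenge would presumably go out as an empty response; `if ($uncoded === false) { $this->flags['authenticated'] = false; return; }` before `base64_encode` would stop that. In the re-added CRAM-MD5 block, `$this->last_error .= $_socket->last_error;` (new line 628) reads a variable that is not defined in the visible code, and `$this->socket->last_error` looks intended. The enclosing handlers start and end outside these hunks, so the success path could not be checked here.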