mark account with incompatible server when no sasl mechansim could be found

This commit is contained in:
Daniel Gultsch 2015-05-02 12:10:56 +02:00
parent ecd3634c91
commit 9cc8ba320f

View file

@ -581,26 +581,31 @@ public class XmppConnection implements Runnable {
} else if (mechanisms.contains("DIGEST-MD5")) { } else if (mechanisms.contains("DIGEST-MD5")) {
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG()); saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
} }
final JSONObject keys = account.getKeys(); if (saslMechanism != null) {
try { final JSONObject keys = account.getKeys();
if (keys.has(Account.PINNED_MECHANISM_KEY) && try {
keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority() ) { if (keys.has(Account.PINNED_MECHANISM_KEY) &&
Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() + keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority()) {
" has lower priority (" + String.valueOf(saslMechanism.getPriority()) + Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) + " has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
"). Possible downgrade attack?"); ") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
disconnect(true); "). Possible downgrade attack?");
changeStatus(Account.State.SECURITY_ERROR); disconnect(true);
} changeStatus(Account.State.SECURITY_ERROR);
} catch (final JSONException e) { }
Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism"); } catch (final JSONException e) {
Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
}
Log.d(Config.LOGTAG, account.getJid().toString() + ": Authenticating with " + saslMechanism.getMechanism());
auth.setAttribute("mechanism", saslMechanism.getMechanism());
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
auth.setContent(saslMechanism.getClientFirstMessage());
}
tagWriter.writeElement(auth);
} else {
disconnect(true);
changeStatus(Account.State.INCOMPATIBLE_SERVER);
} }
Log.d(Config.LOGTAG,account.getJid().toString()+": Authenticating with " + saslMechanism.getMechanism());
auth.setAttribute("mechanism", saslMechanism.getMechanism());
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
auth.setContent(saslMechanism.getClientFirstMessage());
}
tagWriter.writeElement(auth);
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:" } else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
+ smVersion) + smVersion)
&& streamId != null) { && streamId != null) {