mark account with incompatible server when no sasl mechansim could be found
This commit is contained in:
parent
48e8e0f1fc
commit
c4bfffe6a9
|
@ -581,26 +581,31 @@ public class XmppConnection implements Runnable {
|
||||||
} else if (mechanisms.contains("DIGEST-MD5")) {
|
} else if (mechanisms.contains("DIGEST-MD5")) {
|
||||||
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
|
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
|
||||||
}
|
}
|
||||||
final JSONObject keys = account.getKeys();
|
if (saslMechanism != null) {
|
||||||
try {
|
final JSONObject keys = account.getKeys();
|
||||||
if (keys.has(Account.PINNED_MECHANISM_KEY) &&
|
try {
|
||||||
keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority() ) {
|
if (keys.has(Account.PINNED_MECHANISM_KEY) &&
|
||||||
Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
|
keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority()) {
|
||||||
" has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
|
Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
|
||||||
") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
|
" has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
|
||||||
"). Possible downgrade attack?");
|
") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
|
||||||
disconnect(true);
|
"). Possible downgrade attack?");
|
||||||
changeStatus(Account.State.SECURITY_ERROR);
|
disconnect(true);
|
||||||
}
|
changeStatus(Account.State.SECURITY_ERROR);
|
||||||
} catch (final JSONException e) {
|
}
|
||||||
Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
|
} catch (final JSONException e) {
|
||||||
|
Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
|
||||||
|
}
|
||||||
|
Log.d(Config.LOGTAG, account.getJid().toString() + ": Authenticating with " + saslMechanism.getMechanism());
|
||||||
|
auth.setAttribute("mechanism", saslMechanism.getMechanism());
|
||||||
|
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
|
||||||
|
auth.setContent(saslMechanism.getClientFirstMessage());
|
||||||
|
}
|
||||||
|
tagWriter.writeElement(auth);
|
||||||
|
} else {
|
||||||
|
disconnect(true);
|
||||||
|
changeStatus(Account.State.INCOMPATIBLE_SERVER);
|
||||||
}
|
}
|
||||||
Log.d(Config.LOGTAG,account.getJid().toString()+": Authenticating with " + saslMechanism.getMechanism());
|
|
||||||
auth.setAttribute("mechanism", saslMechanism.getMechanism());
|
|
||||||
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
|
|
||||||
auth.setContent(saslMechanism.getClientFirstMessage());
|
|
||||||
}
|
|
||||||
tagWriter.writeElement(auth);
|
|
||||||
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
|
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
|
||||||
+ smVersion)
|
+ smVersion)
|
||||||
&& streamId != null) {
|
&& streamId != null) {
|
||||||
|
|
Loading…
Reference in New Issue