diff -Naur ./openfire_src.org/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java ./openfire_src.new/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java --- ./openfire_src.org/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java 2008-04-24 17:28:58.000000000 +0300 +++ ./openfire_src.new/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java 2008-06-09 17:27:32.671875000 +0300 @@ -38,6 +38,7 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.*; +import java.net.UnknownHostException; /** * SASLAuthentication is responsible for returning the available SASL mechanisms to use and for @@ -396,6 +397,32 @@ private static Status doAnonymousAuthentication(LocalSession session) { if (XMPPServer.getInstance().getIQAuthHandler().isAnonymousAllowed()) { + boolean forbidAccess = false; + try { + + String hostAddress = "Unknown"; + hostAddress = session.getConnection().getHostAddress(); + if (!LocalClientSession.getAllowedAnonymIPs().isEmpty() && + !LocalClientSession.getAllowedAnonymIPs().containsKey(hostAddress)) { + byte[] address = session.getConnection().getAddress(); + String range1 = (address[0] & 0xff) + "." + (address[1] & 0xff) + "." + + (address[2] & 0xff) + + ".*"; + String range2 = (address[0] & 0xff) + "." + (address[1] & 0xff) + ".*.*"; + String range3 = (address[0] & 0xff) + ".*.*.*"; + if (!LocalClientSession.getAllowedAnonymIPs().containsKey(range1) && + !LocalClientSession.getAllowedAnonymIPs().containsKey(range2) && + !LocalClientSession.getAllowedAnonymIPs().containsKey(range3)) { + forbidAccess = true; + } + } + } catch (UnknownHostException e) { + forbidAccess = true; + } + if(forbidAccess){ + authenticationFailed(session); + return Status.failed; + } // Just accept the authentication :) authenticationSuccessful(session, null, null); return Status.authenticated; diff -Naur ./openfire_src.org/src/java/org/jivesoftware/openfire/session/LocalClientSession.java ./openfire_src.new/src/java/org/jivesoftware/openfire/session/LocalClientSession.java --- ./openfire_src.org/src/java/org/jivesoftware/openfire/session/LocalClientSession.java 2008-04-24 17:28:56.000000000 +0300 +++ ./openfire_src.new/src/java/org/jivesoftware/openfire/session/LocalClientSession.java 2008-06-09 17:12:39.625000000 +0300 @@ -61,6 +61,7 @@ * performance reasons. */ private static Map allowedIPs = new HashMap(); + private static Map allowedAnonymIPs = new HashMap(); /** * The authentication token for this session. @@ -109,6 +110,13 @@ String address = tokens.nextToken().trim(); allowedIPs.put(address, ""); } + String allowedAnonym = JiveGlobals.getProperty("xmpp.client.login.allowedAnonym", ""); + tokens = new StringTokenizer(allowedAnonym, ", "); + while (tokens.hasMoreTokens()) { + String address = tokens.nextToken().trim(); + allowedAnonymIPs.put(address, ""); + + } } /** @@ -121,6 +129,11 @@ return allowedIPs; } + + public static Map getAllowedAnonymIPs() { + return allowedAnonymIPs; + } + /** * Returns a newly created session between the server and a client. The session will * be created and returned only if correct name/prefix (i.e. 'stream' or 'flash') @@ -335,6 +348,30 @@ } } + + + + public static void setAllowedAnonymIPs(Map allowed) { + allowedAnonymIPs = allowed; + if (allowedAnonymIPs.isEmpty()) { + JiveGlobals.deleteProperty("xmpp.client.login.allowedAnonym"); + } + else { + // Iterate through the elements in the map. + StringBuilder buf = new StringBuilder(); + Iterator iter = allowedAnonymIPs.keySet().iterator(); + if (iter.hasNext()) { + buf.append(iter.next()); + } + while (iter.hasNext()) { + buf.append(", ").append(iter.next()); + } + JiveGlobals.setProperty("xmpp.client.login.allowedAnonym", buf.toString()); + } + } + + + /** * Returns whether TLS is mandatory, optional or is disabled for clients. When TLS is * mandatory clients are required to secure their connections or otherwise their connections diff -Naur ./openfire_src.org/src/web/reg-settings.jsp ./openfire_src.new/src/web/reg-settings.jsp --- ./openfire_src.org/src/web/reg-settings.jsp 2008-04-24 17:28:52.000000000 +0300 +++ ./openfire_src.new/src/web/reg-settings.jsp 2008-06-06 18:33:02.984375000 +0300 @@ -42,7 +42,7 @@ boolean canChangePassword = ParamUtils.getBooleanParameter(request, "canChangePassword"); boolean anonLogin = ParamUtils.getBooleanParameter(request, "anonLogin"); String allowedIPs = request.getParameter("allowedIPs"); - + String allowedAnonymIPs = request.getParameter("allowedAnonymIPs"); // Get an IQRegisterHandler: IQRegisterHandler regHandler = XMPPServer.getInstance().getIQRegisterHandler(); IQAuthHandler authHandler = XMPPServer.getInstance().getIQAuthHandler(); @@ -64,7 +64,18 @@ newMap.put(address, ""); } } + + + Map allowedAnonymMap = new HashMap(); + StringTokenizer tokens1 = new StringTokenizer(allowedAnonymIPs, ", "); + while (tokens1.hasMoreTokens()) { + String address = tokens1.nextToken().trim(); + if (pattern.matcher(address).matches()) { + allowedAnonymMap.put(address, ""); + } + } LocalClientSession.setAllowedIPs(newMap); + LocalClientSession.setAllowedAnonymIPs(allowedAnonymMap); // Log the event webManager.logEvent("edited registration settings", "inband enabled = "+inbandEnabled+"\ncan change password = "+canChangePassword+"\nanon login = "+anonLogin+"\nallowed ips = "+allowedIPs); @@ -84,6 +95,16 @@ buf.append(", ").append(iter.next()); } allowedIPs = buf.toString(); + + StringBuilder buf1 = new StringBuilder(); + Iterator iter1 = org.jivesoftware.openfire.session.LocalClientSession.getAllowedAnonymIPs().keySet().iterator(); + if (iter1.hasNext()) { + buf1.append(iter1.next()); + } + while (iter1.hasNext()) { + buf1.append(", ").append(iter1.next()); + } + allowedAnonymIPs = buf1.toString(); %>

@@ -197,7 +218,17 @@ - + + + + + + + + +
+ +
@@ -226,4 +257,5 @@ + \ No newline at end of file