changeset 30896:4072761e3454

jabber: Slight improvements to the stream ID fix This warns that it will fail miserably with digestmd5 legacy auth. Also, document that crammd5 code and remove a check for js->stream_id since crammd5 doesn't use it (no salt!)
author Paul Aurich <paul@darkrain42.org>
date Tue, 31 Aug 2010 02:52:28 +0000
parents 8084631e2e84
children efb82b6b9406
files libpurple/protocols/jabber/auth.c libpurple/protocols/jabber/parser.c
diffstat 2 files changed, 13 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth.c	Tue Aug 31 02:28:05 2010 +0000
+++ b/libpurple/protocols/jabber/auth.c	Tue Aug 31 02:52:28 2010 +0000
@@ -251,7 +251,8 @@
 		g_free(msg);
 	} else if (type == JABBER_IQ_RESULT) {
 		query = xmlnode_get_child(packet, "query");
-		if(js->stream_id && xmlnode_get_child(query, "digest")) {
+		if (js->stream_id && *js->stream_id &&
+				xmlnode_get_child(query, "digest")) {
 			char *s, *hash;
 
 			iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
@@ -269,8 +270,10 @@
 			g_free(s);
 			jabber_iq_set_callback(iq, auth_old_result_cb, NULL);
 			jabber_iq_send(iq);
-
-		} else if(js->stream_id && (x = xmlnode_get_child(query, "crammd5"))) {
+		} else if ((x = xmlnode_get_child(query, "crammd5"))) {
+			/* For future reference, this appears to be a custom OS X extension
+			 * to non-SASL authentication.
+			 */
 			const char *challenge;
 			gchar digest[33];
 			PurpleCipherContext *hmac;
--- a/libpurple/protocols/jabber/parser.c	Tue Aug 31 02:28:05 2010 +0000
+++ b/libpurple/protocols/jabber/parser.c	Tue Aug 31 02:52:28 2010 +0000
@@ -102,11 +102,14 @@
 					PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE,
 					_("XMPP stream missing ID"));
 #else
-			/* Instead, let's make up a fancy-schmancy stream ID, which
-			 * we need to do because we flag on js->stream_id == NULL being
-			 * a special case in this function.
+			/* Instead, let's make up a placeholder stream ID, which we need
+			 * to do because we flag on it being NULL as a special case
+			 * in this parsing code.
 			 */
-			js->stream_id = purple_uuid_random();
+			js->stream_id = g_strdup("");
+			purple_debug_info("jabber", "Server failed to specify a stream "
+			                  "ID (underspecified in rfc3920, but intended "
+			                  "to be a MUST; digest legacy auth may fail."); 
 #endif
 		}
 	} else {