Mercurial > pidgin.yaz
changeset 30896:4072761e3454
jabber: Slight improvements to the stream ID fix
This warns that it will fail miserably with digestmd5 legacy auth.
Also, document that crammd5 code and remove a check for js->stream_id
since crammd5 doesn't use it (no salt!)
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Tue, 31 Aug 2010 02:52:28 +0000 |
parents | 8084631e2e84 |
children | efb82b6b9406 |
files | libpurple/protocols/jabber/auth.c libpurple/protocols/jabber/parser.c |
diffstat | 2 files changed, 13 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth.c Tue Aug 31 02:28:05 2010 +0000 +++ b/libpurple/protocols/jabber/auth.c Tue Aug 31 02:52:28 2010 +0000 @@ -251,7 +251,8 @@ g_free(msg); } else if (type == JABBER_IQ_RESULT) { query = xmlnode_get_child(packet, "query"); - if(js->stream_id && xmlnode_get_child(query, "digest")) { + if (js->stream_id && *js->stream_id && + xmlnode_get_child(query, "digest")) { char *s, *hash; iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth"); @@ -269,8 +270,10 @@ g_free(s); jabber_iq_set_callback(iq, auth_old_result_cb, NULL); jabber_iq_send(iq); - - } else if(js->stream_id && (x = xmlnode_get_child(query, "crammd5"))) { + } else if ((x = xmlnode_get_child(query, "crammd5"))) { + /* For future reference, this appears to be a custom OS X extension + * to non-SASL authentication. + */ const char *challenge; gchar digest[33]; PurpleCipherContext *hmac;
--- a/libpurple/protocols/jabber/parser.c Tue Aug 31 02:28:05 2010 +0000 +++ b/libpurple/protocols/jabber/parser.c Tue Aug 31 02:52:28 2010 +0000 @@ -102,11 +102,14 @@ PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE, _("XMPP stream missing ID")); #else - /* Instead, let's make up a fancy-schmancy stream ID, which - * we need to do because we flag on js->stream_id == NULL being - * a special case in this function. + /* Instead, let's make up a placeholder stream ID, which we need + * to do because we flag on it being NULL as a special case + * in this parsing code. */ - js->stream_id = purple_uuid_random(); + js->stream_id = g_strdup(""); + purple_debug_info("jabber", "Server failed to specify a stream " + "ID (underspecified in rfc3920, but intended " + "to be a MUST; digest legacy auth may fail."); #endif } } else {