Mercurial > pidgin.yaz
changeset 30385:6c148063fdfd
applied changes from bf4b720f9231b395fb51bf1e27440328d46bceb5
through 5d1cd42e92b6d03e3c1556c107bf4e6174743813
author | Evan Schoenberg <evan.s@dreskin.net> |
---|---|
date | Tue, 18 May 2010 04:28:41 +0000 |
parents | 9de98679c02b |
children | 7eeb5a9d1d80 |
files | libpurple/protocols/jabber/auth_cyrus.c |
diffstat | 1 files changed, 23 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_cyrus.c Mon May 17 16:00:10 2010 +0000 +++ b/libpurple/protocols/jabber/auth_cyrus.c Tue May 18 04:28:41 2010 +0000 @@ -252,6 +252,25 @@ g_free(msg); return JABBER_SASL_STATE_CONTINUE; + } else + js->auth_fail_count++; + + if (js->auth_fail_count == 1 && + (js->sasl_mechs->str && g_str_equal(js->sasl_mechs->str, "GSSAPI"))) { + /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth + * for compatibility with iChat 10.5 Server and other jabberd based servers. + * + * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often + * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails. + * + * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However, + * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms. + * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers + * which would connect without issue otherwise. -evands + */ + js->auth_mech = NULL; + jabber_auth_start_old(js); + return JABBER_SASL_STATE_CONTINUE; } break; @@ -266,6 +285,8 @@ default: purple_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state); + js->auth_fail_count++; + /* * DAA: is this right? * The manpage says that "mech" will contain the chosen mechanism on success. @@ -522,9 +543,9 @@ } else if ((js->auth_fail_count == 1) && (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth - * for compatibility with iChat 10.5 Server. + * for compatibility with iChat 10.5 Server and other jabberd based servers. * - * iChat Server 10.5 offers SASL GSSAPI by default, which is often + * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails. * * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,