changeset 30397:7eeb5a9d1d80

merge of '45c13cbd9c56429c7ed3b9a147b1d76692f3968d' and '55f17462bcdf93474447c4505853b919e1247311'
author Daniel Atallah <daniel.atallah@gmail.com>
date Wed, 19 May 2010 03:26:38 +0000
parents 62f0988c666c (current diff) 6c148063fdfd (diff)
children 3409f6235155
files pidgin/win32/nsis/langmacros.nsh pidgin/win32/nsis/translations/afrikaans.nsh pidgin/win32/nsis/translations/albanian.nsh pidgin/win32/nsis/translations/arabic.nsh pidgin/win32/nsis/translations/basque.nsh pidgin/win32/nsis/translations/bulgarian.nsh pidgin/win32/nsis/translations/catalan.nsh pidgin/win32/nsis/translations/czech.nsh pidgin/win32/nsis/translations/danish.nsh pidgin/win32/nsis/translations/dutch.nsh pidgin/win32/nsis/translations/english.nsh pidgin/win32/nsis/translations/finnish.nsh pidgin/win32/nsis/translations/french.nsh pidgin/win32/nsis/translations/galician.nsh pidgin/win32/nsis/translations/german.nsh pidgin/win32/nsis/translations/hebrew.nsh pidgin/win32/nsis/translations/hungarian.nsh pidgin/win32/nsis/translations/italian.nsh pidgin/win32/nsis/translations/japanese.nsh pidgin/win32/nsis/translations/korean.nsh pidgin/win32/nsis/translations/kurdish.nsh pidgin/win32/nsis/translations/lithuanian.nsh pidgin/win32/nsis/translations/norwegian.nsh pidgin/win32/nsis/translations/norwegian_nynorsk.nsh pidgin/win32/nsis/translations/persian.nsh pidgin/win32/nsis/translations/polish.nsh pidgin/win32/nsis/translations/portuguese-br.nsh pidgin/win32/nsis/translations/portuguese.nsh pidgin/win32/nsis/translations/romanian.nsh pidgin/win32/nsis/translations/russian.nsh pidgin/win32/nsis/translations/serbian-latin.nsh pidgin/win32/nsis/translations/simp-chinese.nsh pidgin/win32/nsis/translations/slovak.nsh pidgin/win32/nsis/translations/slovenian.nsh pidgin/win32/nsis/translations/spanish.nsh pidgin/win32/nsis/translations/swedish.nsh pidgin/win32/nsis/translations/trad-chinese.nsh pidgin/win32/nsis/translations/valencian.nsh pidgin/win32/nsis/translations/vietnamese.nsh
diffstat 1 files changed, 23 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_cyrus.c	Wed May 19 03:26:05 2010 +0000
+++ b/libpurple/protocols/jabber/auth_cyrus.c	Wed May 19 03:26:38 2010 +0000
@@ -252,6 +252,25 @@
 					g_free(msg);
 					return JABBER_SASL_STATE_CONTINUE;
 
+				} else
+					js->auth_fail_count++;
+
+				if (js->auth_fail_count == 1 &&
+					(js->sasl_mechs->str && g_str_equal(js->sasl_mechs->str, "GSSAPI"))) {
+					/* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
+					 * for compatibility with iChat 10.5 Server and other jabberd based servers.
+					 *
+					 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
+					 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
+					 *
+					 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
+					 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
+					 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
+					 * which would connect without issue otherwise. -evands
+					 */
+					js->auth_mech = NULL;
+					jabber_auth_start_old(js);
+					return JABBER_SASL_STATE_CONTINUE;					
 				}
 
 				break;
@@ -266,6 +285,8 @@
 			default:
 				purple_debug_info("sasl", "sasl_state is %d, failing the mech and trying again\n", js->sasl_state);
 
+				js->auth_fail_count++;
+
 				/*
 				 * DAA: is this right?
 				 * The manpage says that "mech" will contain the chosen mechanism on success.
@@ -522,9 +543,9 @@
 		} else if ((js->auth_fail_count == 1) && 
 				   (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) {
 			/* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
-			 * for compatibility with iChat 10.5 Server.
+			 * for compatibility with iChat 10.5 Server and other jabberd based servers.
 			 *
-			 * iChat Server 10.5  offers SASL GSSAPI by default, which is often
+			 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often
 			 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
 			 *
 			 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,