Mercurial > pidgin.yaz
changeset 21922:d7f1231cc21a
The DIGEST-MD5 implementation of CYRUS-SASL is incompatible with the implementation in Java. The result is that we failed to authenticate to Java-based servers such as OpenFire when DIGEST-MD5 was enabled. This appears to be the result of a bug in the Java SASL library. While we -could- wait for a fix within that library and tell our users that server admins need to upgrade to get the fix, a client-side workaround is very easily accessible to us.
Our own implementation (used when compiled with SASL support) works fine. We therefore will make use of it when SASL chooses DIGEST-MD5 as the best auth mechanism.
Fixes #2095. Fixes #2186.
Also fixes http://trac.adiumx.com/ticket/8135.
author | Evan Schoenberg <evan.s@dreskin.net> |
---|---|
date | Sat, 22 Dec 2007 16:59:52 +0000 |
parents | cf17e6871edc |
children | 1981f277ab01 e9005670e279 |
files | libpurple/protocols/jabber/auth.c |
diffstat | 1 files changed, 18 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth.c Sat Dec 22 15:45:13 2007 +0000 +++ b/libpurple/protocols/jabber/auth.c Sat Dec 22 16:59:52 2007 +0000 @@ -396,6 +396,24 @@ g_free(enc_out); } } + + if (mech && (strcmp(mech, "DIGEST-MD5") == 0)) { + /* CYRUS-SASL's DIGEST-MD5 and Java's DIGEST-MD5 are mutually incompatible because of different interpretations of RFC2831. + * This means that if we are using SASL and connecting to a Java-based server such as OpenFire, we will receive an authentication + * failure if that server offers DIGEST-MD5 in such a way that SASL chooses it as the best mechanism for us. + * + * However, we implement our own DIGEST-MD5 for use when we're compiled without SASL support, and that implementation + * works correctly. Therefore, if SASL chooses DIGEST-MD5, we switch over to our own implementation. + * jabber_auth_handle_challenge() will note the auth_type and take it from there. + * + * SASL would change state to SASL_OK after when handling the challenge; we do so immediately to avoid an error later. + */ + js->auth_type = JABBER_AUTH_DIGEST_MD5; + js->sasl_state = SASL_OK; + sasl_dispose(&js->sasl); + js->sasl = NULL; + } + jabber_send(js, auth); xmlnode_free(auth); } else {