changeset 26354:fcee93c74230

BOSH: For authentication purposes, HTTPS is equivalent to a secured JabberStream. Since we always require the connection from CM to server to be secure, allow BOSH+HTTPS to pass 'Require SSL/TLS'.
author Paul Aurich <paul@darkrain42.org>
date Mon, 23 Mar 2009 00:38:20 +0000
parents 07e22e1897f6
children 79ca1cf55d9d
files libpurple/protocols/jabber/auth.c libpurple/protocols/jabber/bosh.c libpurple/protocols/jabber/bosh.h libpurple/protocols/jabber/jabber.c libpurple/protocols/jabber/jabber.h
diffstat 5 files changed, 37 insertions(+), 8 deletions(-) [+]
--- a/libpurple/protocols/jabber/auth.c	Sun Mar 22 23:44:31 2009 +0000
+++ b/libpurple/protocols/jabber/auth.c	Mon Mar 23 00:38:20 2009 +0000
@@ -281,7 +281,7 @@
 	secprops.min_ssf = 0;
 	secprops.security_flags = SASL_SEC_NOANONYMOUS;
 
-	if (!js->gsc) {
+	if (!jabber_stream_is_ssl(js)) {
 		secprops.max_ssf = -1;
 		secprops.maxbufsize = 4096;
 		plaintext = purple_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE);
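Review bot: With this condition, and the matching ones in the hunks at -544 and -662, a BOSH session over HTTPS skips the plaintext restrictions and the `auth_plain_in_clear` prompt, yet TLS here protects only the hop from the client to the connection manager. The commit message states the assumption that the connection manager reaches the XMPP server securely, but the client cannot verify that and nothing in the code records it. I would add a sentence to the doc comment of `jabber_stream_is_ssl` in jabber.h, for example `For BOSH this reflects only the HTTPS hop to the connection manager; the CM-to-server leg is assumed, not verified, to be secure.` The enclosing function starts and ends outside this hunk.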
@@ -544,7 +544,7 @@
 	} else if(plain) {
 		js->auth_type = JABBER_AUTH_PLAIN;
 
-		if(js->gsc == NULL && !purple_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE)) {
+		if(!jabber_stream_is_ssl(js) && !purple_account_get_bool(js->gc->account, "auth_plain_in_clear", FALSE)) {
 			char *msg = g_strdup_printf(_("%s requires plaintext authentication over an unencrypted connection.  Allow this and continue authentication?"),
 					js->gc->account->username);
 			purple_request_yes_no(js->gc, _("Plaintext Authentication"),
@@ -662,7 +662,7 @@
 			jabber_iq_send(iq);
 
 		} else if(xmlnode_get_child(query, "password")) {
-			if(js->gsc == NULL && !purple_account_get_bool(js->gc->account,
+			if(!jabber_stream_is_ssl(js) && !purple_account_get_bool(js->gc->account,
 						"auth_plain_in_clear", FALSE)) {
 				char *msg = g_strdup_printf(_("%s requires plaintext authentication over an unencrypted connection.  Allow this and continue authentication?"),
 											js->gc->account->username);
--- a/libpurple/protocols/jabber/bosh.c	Sun Mar 22 23:44:31 2009 +0000
+++ b/libpurple/protocols/jabber/bosh.c	Mon Mar 23 00:38:20 2009 +0000
@@ -216,6 +216,11 @@
 	g_free(conn);
 }
 
+gboolean jabber_bosh_connection_is_ssl(PurpleBOSHConnection *conn)
+{
+	return conn->ssl;
+}
+
 void jabber_bosh_connection_close(PurpleBOSHConnection *conn)
 {
 	jabber_bosh_connection_send_native(conn, PACKET_TERMINATE, NULL);
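Review bot: `jabber_bosh_connection_is_ssl` reports a stored flag, `conn->ssl`, while the non-BOSH arm of `jabber_stream_is_ssl` tests the live `js->gsc` object, so the two halves of the helper may not mean the same thing. Where `conn->ssl` is assigned is outside this diff; if it is set from the URL scheme at init, the function answers "HTTPS is configured" rather than "a TLS session is up". Since the result now gates plaintext authentication, a comment above the function should say which it is, e.g. `/* TRUE if this BOSH session uses HTTPS for its HTTP connections; says nothing about handshake state. */`, with the wording confirmed against the code that sets the flag.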
@@ -580,9 +585,18 @@
 	 * with AIM!
 	 */
 	conn->ready = FALSE;
-	conn->fd = -1;
-	purple_input_remove(conn->ie_handle);
-	conn->ie_handle = 0;
+	if (conn->psc) {
+		purple_ssl_close(conn->psc);
+		conn->psc = NULL;
+	} else if (conn->fd >= 0) {
+		close(conn->fd);
+		conn->fd = -1;
+	}
+
+	if (conn->ie_handle) {
+		purple_input_remove(conn->ie_handle);
+		conn->ie_handle = 0;
+	}
 
 	if (conn->bosh->pipelining)
 		/* Hmmmm, fall back to multiple connections */
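Review bot: `conn->fd` is no longer reset on the SSL path: the old code set `conn->fd = -1` unconditionally, the new code does so only in the `else if` branch. If `conn->fd` is also populated for SSL connections (not visible in this hunk), it keeps a descriptor number that `purple_ssl_close()` has presumably already released and that the OS may hand to another connection. Moving the reset to after the if/else, `conn->fd = -1;`, keeps the old invariant. The input watcher is also removed after the descriptor is closed; removing `conn->ie_handle` first would avoid a window where the watcher refers to a closed fd. The enclosing function starts and ends outside the hunk.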
@@ -686,7 +700,7 @@
 		if (cnt < 0)
 			purple_debug_info("jabber", "bosh read=%d, errno=%d\n", cnt, errno);
 		else
-			purple_debug_info("jabber", "bosh server closed connection\n");
+			purple_debug_info("jabber", "bosh server closed the connection\n");
 
 		/*
 		 * If the socket is closed, the processing really needs to know about
--- a/libpurple/protocols/jabber/bosh.h	Sun Mar 22 23:44:31 2009 +0000
+++ b/libpurple/protocols/jabber/bosh.h	Mon Mar 23 00:38:20 2009 +0000
@@ -32,6 +32,8 @@
 PurpleBOSHConnection* jabber_bosh_connection_init(JabberStream *js, const char *url);
 void jabber_bosh_connection_destroy(PurpleBOSHConnection *conn);
 
+gboolean jabber_bosh_connection_is_ssl(PurpleBOSHConnection *conn);
+
 void jabber_bosh_connection_connect(PurpleBOSHConnection *conn);
 void jabber_bosh_connection_close(PurpleBOSHConnection *conn);
 void jabber_bosh_connection_send(PurpleBOSHConnection *conn, xmlnode *node);
--- a/libpurple/protocols/jabber/jabber.c	Sun Mar 22 23:44:31 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Mon Mar 23 00:38:20 2009 +0000
@@ -188,7 +188,7 @@
 		if(jabber_process_starttls(js, packet))
 
 			return;
-	} else if(purple_account_get_bool(js->gc->account, "require_tls", FALSE) && !js->gsc) {
+	} else if(purple_account_get_bool(js->gc->account, "require_tls", FALSE) && !jabber_stream_is_ssl(js)) {
 		purple_connection_error_reason (js->gc,
 			 PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
 			_("You require encryption, but it is not available on this server."));
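Review bot: For BOSH the `require_tls` rejection still happens only here, while stream features are being processed, so with an `http://` BOSH URL the session has presumably already been opened over the unencrypted connection before the account setting is enforced. Checking `require_tls` against the BOSH URL scheme before connecting would fail closed earlier. The error text `You require encryption, but it is not available on this server.` also fits a missing STARTTLS offer better than a BOSH URL that was configured without HTTPS. The enclosing function starts and ends outside the hunk.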
@@ -1745,6 +1745,12 @@
 	}
 }
 
+gboolean jabber_stream_is_ssl(JabberStream *js)
+{
+	return (js->bosh && jabber_bosh_connection_is_ssl(js->bosh)) ||
+	       (!js->bosh && js->gsc);
+}
+
 const char *jabber_list_icon(PurpleAccount *a, PurpleBuddy *b)
 {
 	return "jabber";
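Review bot: The two-armed boolean in `jabber_stream_is_ssl` tests `js->bosh` twice and relies on a pointer being used as a truth value for a `gboolean` return. A conditional reads more directly: `return js->bosh ? jabber_bosh_connection_is_ssl(js->bosh) : (js->gsc != NULL);`. Because this function now decides whether passwords may be sent without the plaintext prompt, keeping each arm explicit makes later changes easier to audit.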
--- a/libpurple/protocols/jabber/jabber.h	Sun Mar 22 23:44:31 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.h	Mon Mar 23 00:38:20 2009 +0000
@@ -313,6 +313,13 @@
  */
 void jabber_add_identity(const gchar *category, const gchar *type, const gchar *lang, const gchar *name);
 
+/**
+ * Returns true if this connection is over a secure (SSL) stream. Use this
+ * instead of checking js->gsc because BOSH stores its PurpleSslConnection
+ * members in its own data structure.
+ */
+gboolean jabber_stream_is_ssl(JabberStream *js);
+
 /** PRPL functions */
 const char *jabber_list_icon(PurpleAccount *a, PurpleBuddy *b);
 const char* jabber_list_emblem(PurpleBuddy *b);