Mercurial > pidgin
comparison libpurple/protocols/jabber/auth_cyrus.c @ 30010:1518b6b70556
jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised.
This fixes what I think is a bug/quirk in Cyrus SASL. The EXTERNAL mech
returns SASL_NOMECH to indicate the client hasn't set the necessary data,
except SASL_NOMECH is supposed to mean (AFAICT) "None of the mechs given
are supported/meet the current security requirements". No other mech
does that!
| author | Paul Aurich <paul@darkrain42.org> |
|---|---|
| date | Fri, 21 May 2010 05:35:33 +0000 |
| parents | 1b1fee952341 |
| children | e727f4f0ae02 |
comparison
equal
deleted
inserted
replaced
| 30009:1b1fee952341 | 30010:1518b6b70556 |
|---|---|
| 406 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode; | 406 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode; |
| 407 mechnode = xmlnode_get_next_twin(mechnode)) | 407 mechnode = xmlnode_get_next_twin(mechnode)) |
| 408 { | 408 { |
| 409 char *mech_name = xmlnode_get_data(mechnode); | 409 char *mech_name = xmlnode_get_data(mechnode); |
| 410 | 410 |
| 411 if (!mech_name || !*mech_name) { | 411 if (!mech_name || !*mech_name || |
| 412 g_str_equal(mech_name, "EXTERNAL")) { | |
| 412 g_free(mech_name); | 413 g_free(mech_name); |
| 413 continue; | 414 continue; |
| 414 } | 415 } |
| 415 | 416 |
| 416 g_string_append(js->sasl_mechs, mech_name); | 417 g_string_append(js->sasl_mechs, mech_name); |
| 548 /* If we have remaining mechs to try, do so */ | 549 /* If we have remaining mechs to try, do so */ |
| 549 sasl_dispose(&js->sasl); | 550 sasl_dispose(&js->sasl); |
| 550 | 551 |
| 551 return jabber_auth_start_cyrus(js, reply, error); | 552 return jabber_auth_start_cyrus(js, reply, error); |
| 552 | 553 |
| 553 } else if ((js->auth_fail_count == 1) && | 554 } else if ((js->auth_fail_count == 1) && |
| 554 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { | 555 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { |
| 555 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth | 556 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth |
| 556 * for compatibility with iChat 10.5 Server and other jabberd based servers. | 557 * for compatibility with iChat 10.5 Server and other jabberd based servers. |
| 557 * | 558 * |
| 558 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often | 559 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often |