Mercurial > pidgin
comparison libpurple/protocols/jabber/auth_cyrus.c @ 30010:1518b6b70556
jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised.
This fixes what I think is a bug/quirk in Cyrus SASL. The EXTERNAL mech
returns SASL_NOMECH to indicate the client hasn't set the necessary data,
except SASL_NOMECH is supposed to mean (AFAICT) "None of the mechs given
are supported/meet the current security requirements". No other mech
does that!
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Fri, 21 May 2010 05:35:33 +0000 |
parents | 1b1fee952341 |
children | e727f4f0ae02 |
comparison
equal
deleted
inserted
replaced
30009:1b1fee952341 | 30010:1518b6b70556 |
---|---|
406 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode; | 406 for(mechnode = xmlnode_get_child(mechanisms, "mechanism"); mechnode; |
407 mechnode = xmlnode_get_next_twin(mechnode)) | 407 mechnode = xmlnode_get_next_twin(mechnode)) |
408 { | 408 { |
409 char *mech_name = xmlnode_get_data(mechnode); | 409 char *mech_name = xmlnode_get_data(mechnode); |
410 | 410 |
411 if (!mech_name || !*mech_name) { | 411 if (!mech_name || !*mech_name || |
412 g_str_equal(mech_name, "EXTERNAL")) { | |
412 g_free(mech_name); | 413 g_free(mech_name); |
413 continue; | 414 continue; |
414 } | 415 } |
415 | 416 |
416 g_string_append(js->sasl_mechs, mech_name); | 417 g_string_append(js->sasl_mechs, mech_name); |
548 /* If we have remaining mechs to try, do so */ | 549 /* If we have remaining mechs to try, do so */ |
549 sasl_dispose(&js->sasl); | 550 sasl_dispose(&js->sasl); |
550 | 551 |
551 return jabber_auth_start_cyrus(js, reply, error); | 552 return jabber_auth_start_cyrus(js, reply, error); |
552 | 553 |
553 } else if ((js->auth_fail_count == 1) && | 554 } else if ((js->auth_fail_count == 1) && |
554 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { | 555 (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { |
555 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth | 556 /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth |
556 * for compatibility with iChat 10.5 Server and other jabberd based servers. | 557 * for compatibility with iChat 10.5 Server and other jabberd based servers. |
557 * | 558 * |
558 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often | 559 * iChat Server 10.5 and certain other corporate servers offer SASL GSSAPI by default, which is often |