# HG changeset patch # User Paul Aurich # Date 1274420133 0 # Node ID 1518b6b70556a79dcd771c7a5ccc8ce1bb674c38 # Parent 1b1fee95234182223337cff7611f93858d2d6187 jabber: Blacklist EXTERNAL when using Cyrus. Allows connecting when it's advertised. This fixes what I think is a bug/quirk in Cyrus SASL. The EXTERNAL mech returns SASL_NOMECH to indicate the client hasn't set the necessary data, except SASL_NOMECH is supposed to mean (AFAICT) "None of the mechs given are supported/meet the current security requirements". No other mech does that! diff -r 1b1fee952341 -r 1518b6b70556 ChangeLog --- a/ChangeLog Fri May 21 05:28:59 2010 +0000 +++ b/ChangeLog Fri May 21 05:35:33 2010 +0000 @@ -18,6 +18,10 @@ * Fix unnecessary bandwidth consumption for buddy icon requests when buddies have capital letters in their passport addresses. + XMPP: + * Allow connecting to servers that advertise EXTERNAL (broken in + 2.7.0) + version 2.7.0 (05/12/2010): General: * Changed GTK+ minimum version requirement to 2.10.0. diff -r 1b1fee952341 -r 1518b6b70556 libpurple/protocols/jabber/auth_cyrus.c --- a/libpurple/protocols/jabber/auth_cyrus.c Fri May 21 05:28:59 2010 +0000 +++ b/libpurple/protocols/jabber/auth_cyrus.c Fri May 21 05:35:33 2010 +0000 @@ -408,7 +408,8 @@ { char *mech_name = xmlnode_get_data(mechnode); - if (!mech_name || !*mech_name) { + if (!mech_name || !*mech_name || + g_str_equal(mech_name, "EXTERNAL")) { g_free(mech_name); continue; } @@ -550,7 +551,7 @@ return jabber_auth_start_cyrus(js, reply, error); - } else if ((js->auth_fail_count == 1) && + } else if ((js->auth_fail_count == 1) && (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) { /* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth * for compatibility with iChat 10.5 Server and other jabberd based servers.