# HG changeset patch # User Evan Schoenberg # Date 1198342792 0 # Node ID d7f1231cc21a7abb3fefea35ca0cb18cb3c0ab89 # Parent cf17e6871edc844d7dffde56889c2667b5611df3 The DIGEST-MD5 implementation of CYRUS-SASL is incompatible with the implementation in Java. The result is that we failed to authenticate to Java-based servers such as OpenFire when DIGEST-MD5 was enabled. This appears to be the result of a bug in the Java SASL library. While we -could- wait for a fix within that library and tell our users that server admins need to upgrade to get the fix, a client-side workaround is very easily accessible to us. Our own implementation (used when compiled with SASL support) works fine. We therefore will make use of it when SASL chooses DIGEST-MD5 as the best auth mechanism. Fixes #2095. Fixes #2186. Also fixes http://trac.adiumx.com/ticket/8135. diff -r cf17e6871edc -r d7f1231cc21a libpurple/protocols/jabber/auth.c --- a/libpurple/protocols/jabber/auth.c Sat Dec 22 15:45:13 2007 +0000 +++ b/libpurple/protocols/jabber/auth.c Sat Dec 22 16:59:52 2007 +0000 @@ -396,6 +396,24 @@ g_free(enc_out); } } + + if (mech && (strcmp(mech, "DIGEST-MD5") == 0)) { + /* CYRUS-SASL's DIGEST-MD5 and Java's DIGEST-MD5 are mutually incompatible because of different interpretations of RFC2831. + * This means that if we are using SASL and connecting to a Java-based server such as OpenFire, we will receive an authentication + * failure if that server offers DIGEST-MD5 in such a way that SASL chooses it as the best mechanism for us. + * + * However, we implement our own DIGEST-MD5 for use when we're compiled without SASL support, and that implementation + * works correctly. Therefore, if SASL chooses DIGEST-MD5, we switch over to our own implementation. + * jabber_auth_handle_challenge() will note the auth_type and take it from there. + * + * SASL would change state to SASL_OK after when handling the challenge; we do so immediately to avoid an error later. + */ + js->auth_type = JABBER_AUTH_DIGEST_MD5; + js->sasl_state = SASL_OK; + sasl_dispose(&js->sasl); + js->sasl = NULL; + } + jabber_send(js, auth); xmlnode_free(auth); } else {