im.pidgin.pidgin: 33785a8c844de496aeeed927bad8b39a6e091931

evands at pidgin.im evands at pidgin.im
Mon Dec 17 21:35:42 EST 2007 

-----------------------------------------------------------------
Revision: 33785a8c844de496aeeed927bad8b39a6e091931
Ancestor: 2e5cda103238f64d27e4ed5aa92c149f6d50a5ec
Author: evands at pidgin.im
Date: 2007-12-17T23:18:34
Branch: im.pidgin.pidgin

Modified files:
        libpurple/protocols/jabber/auth.c

ChangeLog: 

If no sasl mechs are appropriate, attempt a jabber:iq:auth connection. Note that this isn't the same as a failed authentication over sasl. Detailed comments in the code regarding my reasoning for this behavior.

-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/auth.c	12caf62ded6c3314a811a59f8730fc801420cd8c
+++ libpurple/protocols/jabber/auth.c	58c06037df664e395e94097daf51b2695e251470
@@ -330,14 +330,21 @@ static void jabber_auth_start_cyrus(Jabb
 							disallow_plaintext_auth);
 					g_free(msg);
 					return;
-				/* Everything else has failed, so fail the
-				 * connection. Should probably have a better
-				 * error here.
-				 */
+
 				} else {
-					purple_connection_error_reason (js->gc,
-						PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE,
-						_("Server does not use any supported authentication method"));
+					/* We have no mechs which can work.
+					 * Try falling back on the old jabber:iq:auth method. We get here if the server supports
+					 * one or more sasl mechs, we are compiled with cyrus-sasl support, but we support or can connect with none of
+					 * the offerred mechs. jabberd 2.0 w/ SASL and Apple's iChat Server 10.5 both handle and expect
+					 * jabber:iq:auth in this situation.  iChat Server in particular offers SASL GSSAPI by default, which is often
+					 * not configured on the client side, and expects a fallback to jabber:iq:auth when it (predictably) fails.
+					 *
+					 * Note: xep-0078 points out that using jabber:iq:auth after a sasl failure is wrong. However,
+					 * I believe this refers to actual authentication failure, not a simple lack of concordant mechanisms.
+					 * Doing otherwise means that simply compiling with SASL support renders the client unable to connect to servers
+					 * which would connect without issue otherwise. -evands
+					 */
+					jabber_auth_start_old(js);
 					return;
 				}
 				/* not reached */

More information about the Commits mailing list