im.pidgin.pidgin: f6430c7013d08f95c60248eeb22c752a0107499b

evands at pidgin.im evands at pidgin.im
Sat Dec 22 12:05:44 EST 2007 

-----------------------------------------------------------------
Revision: f6430c7013d08f95c60248eeb22c752a0107499b
Ancestor: 16e6cd4ffd8a8308380dc016f0afa782a7750374
Author: evands at pidgin.im
Date: 2007-12-22T16:59:52
Branch: im.pidgin.pidgin

Modified files:
        libpurple/protocols/jabber/auth.c

ChangeLog: 

The DIGEST-MD5 implementation of CYRUS-SASL is incompatible with the implementation in Java.  The result is that we failed to authenticate to Java-based servers such as OpenFire when DIGEST-MD5 was enabled. This appears to be the result of a bug in the Java SASL library.  While we -could- wait for a fix within that library and tell our users that server admins need to upgrade to get the fix, a client-side workaround is very easily accessible to us.

Our own implementation (used when compiled with SASL support) works fine.  We therefore will make use of it when SASL chooses DIGEST-MD5 as the best auth mechanism.

Fixes #2095. Fixes #2186. 
Also fixes http://trac.adiumx.com/ticket/8135.


-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/auth.c	c7157e2b2625e9be09dd8b2c201b1d3dcc72fd19
+++ libpurple/protocols/jabber/auth.c	e5b832b9c3273e547187cae77189719d4c09dbbe
@@ -396,6 +396,24 @@ static void jabber_auth_start_cyrus(Jabb
 				g_free(enc_out);
 			}
 		}
+		
+		if (mech && (strcmp(mech, "DIGEST-MD5") == 0)) {
+			/* CYRUS-SASL's DIGEST-MD5 and Java's DIGEST-MD5 are mutually incompatible because of different interpretations of RFC2831.
+			 * This means that if we are using SASL and connecting to a Java-based server such as OpenFire, we will receive an authentication
+			 * failure if that server offers DIGEST-MD5 in such a way that SASL chooses it as the best mechanism for us.
+			 *
+			 * However, we implement our own DIGEST-MD5 for use when we're compiled without SASL support, and that implementation
+			 * works correctly. Therefore, if SASL chooses DIGEST-MD5, we switch over to our own implementation.
+			 * jabber_auth_handle_challenge() will note the auth_type and take it from there.
+			 *
+			 * SASL would change state to SASL_OK after when handling the challenge; we do so immediately to avoid an error later.
+			 */
+			js->auth_type = JABBER_AUTH_DIGEST_MD5;
+			js->sasl_state = SASL_OK;
+			sasl_dispose(&js->sasl);
+			js->sasl = NULL;
+		}
+
 		jabber_send(js, auth);
 		xmlnode_free(auth);
 	} else {

More information about the Commits mailing list