pidgin: 36b528cb: jabber: Slight improvements to the strea...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Mon Aug 30 23:01:08 EDT 2010 

----------------------------------------------------------------------
Revision: 36b528cbf13e606208f74b6ec90ce973f512df75
Parent:   c0ab48eae87a364c3f96d882aea1a7349e6f45ad
Author:   darkrain42 at pidgin.im
Date:     08/30/10 22:52:28
Branch:   im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/36b528cbf13e606208f74b6ec90ce973f512df75

Changelog: 

jabber: Slight improvements to the stream ID fix

This warns that it will fail miserably with digestmd5 legacy auth.
Also, document that crammd5 code and remove a check for js->stream_id
since crammd5 doesn't use it (no salt!)

Changes against parent c0ab48eae87a364c3f96d882aea1a7349e6f45ad

  patched  libpurple/protocols/jabber/auth.c
  patched  libpurple/protocols/jabber/parser.c

-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/auth.c	4ca630855b2e464d1329f98f163010fd783c7fd5
+++ libpurple/protocols/jabber/auth.c	8bbd39c21dc1df5ca43ebf50f24777174713981b
@@ -251,7 +251,8 @@ static void auth_old_cb(JabberStream *js
 		g_free(msg);
 	} else if (type == JABBER_IQ_RESULT) {
 		query = xmlnode_get_child(packet, "query");
-		if(js->stream_id && xmlnode_get_child(query, "digest")) {
+		if (js->stream_id && *js->stream_id &&
+				xmlnode_get_child(query, "digest")) {
 			char *s, *hash;
 
 			iq = jabber_iq_new_query(js, JABBER_IQ_SET, "jabber:iq:auth");
@@ -269,8 +270,10 @@ static void auth_old_cb(JabberStream *js
 			g_free(s);
 			jabber_iq_set_callback(iq, auth_old_result_cb, NULL);
 			jabber_iq_send(iq);
-
-		} else if(js->stream_id && (x = xmlnode_get_child(query, "crammd5"))) {
+		} else if ((x = xmlnode_get_child(query, "crammd5"))) {
+			/* For future reference, this appears to be a custom OS X extension
+			 * to non-SASL authentication.
+			 */
 			const char *challenge;
 			gchar digest[33];
 			PurpleCipherContext *hmac;
============================================================
--- libpurple/protocols/jabber/parser.c	ef705d432576972f7888419626b57e83bf60d916
+++ libpurple/protocols/jabber/parser.c	ee1ef93c1a2dd02b5264f3e50b43182a1ba419e6
@@ -102,11 +102,14 @@ jabber_parser_element_start_libxml(void 
 					PURPLE_CONNECTION_ERROR_AUTHENTICATION_IMPOSSIBLE,
 					_("XMPP stream missing ID"));
 #else
-			/* Instead, let's make up a fancy-schmancy stream ID, which
-			 * we need to do because we flag on js->stream_id == NULL being
-			 * a special case in this function.
+			/* Instead, let's make up a placeholder stream ID, which we need
+			 * to do because we flag on it being NULL as a special case
+			 * in this parsing code.
 			 */
-			js->stream_id = purple_uuid_random();
+			js->stream_id = g_strdup("");
+			purple_debug_info("jabber", "Server failed to specify a stream "
+			                  "ID (underspecified in rfc3920, but intended "
+			                  "to be a MUST; digest legacy auth may fail."); 
 #endif
 		}
 	} else {

More information about the Commits mailing list