pidgin: c0ab48ea: jabber: Unify "Require TLS" and "Use old...

Mon Aug 30 23:01:08 EDT 2010

----------------------------------------------------------------------
Revision: c0ab48eae87a364c3f96d882aea1a7349e6f45ad
Parent:   ce1f68461b4b0e34ee986f40f488e67de12b24c6
Author:   darkrain42 at pidgin.im
Date:     08/30/10 22:28:05
Branch:   im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/c0ab48eae87a364c3f96d882aea1a7349e6f45ad

Changelog: 

jabber: Unify "Require TLS" and "Use old-style (port 5223) SSL" settings

Changes against parent ce1f68461b4b0e34ee986f40f488e67de12b24c6

  patched  ChangeLog
  patched  libpurple/account.c
  patched  libpurple/protocols/jabber/auth.c
  patched  libpurple/protocols/jabber/jabber.c
  patched  libpurple/protocols/jabber/jabber.h
  patched  libpurple/protocols/jabber/libxmpp.c

-------------- next part --------------
============================================================

--- ChangeLog	8f079ec2db857edb29c1f8dbeb4cf92b2438a332
+++ ChangeLog	87f77133d2716e20f57ec111e846d3083771bbfd
@@ -17,6 +17,7 @@ version 2.7.4 (MM/DD/YYYY):
 	  and HMAC options or the QQ protocol version).
 
 	XMPP:
+	* Unify the connection security-related settings into one dropdown.
 	* Fix a crash when multiple accounts are simultaneously performing
 	  SASL authentication when built with Cyrus SASL support.  (thanks
 	  to Jan Kaluza) (#11560)
============================================================
--- libpurple/protocols/jabber/jabber.c	9c1f4dbfa2d4aec4f3eaa4108bf6661902317394
+++ libpurple/protocols/jabber/jabber.c	815f4feb43800065295ec2cc3a033bc2e7a393d9
@@ -232,7 +232,7 @@ jabber_process_starttls(JabberStream *js
 		return TRUE;
 	}
 
-	if(purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) {
+	if (g_str_equal("require_tls", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		purple_connection_error_reason(js->gc,
 				PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
 				_("You require encryption, but no TLS/SSL support was found."));
@@ -244,12 +244,16 @@ void jabber_stream_features_parse(Jabber
 
 void jabber_stream_features_parse(JabberStream *js, xmlnode *packet)
 {
-	if(xmlnode_get_child(packet, "starttls")) {
-		if(jabber_process_starttls(js, packet)) {
+	PurpleAccount *account = purple_connection_get_account(js->gc);
+	const char *connection_security =
+		purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS);
+
+	if (xmlnode_get_child(packet, "starttls")) {
+		if (jabber_process_starttls(js, packet)) {
 			jabber_stream_set_state(js, JABBER_STREAM_INITIALIZING_ENCRYPTION);
 			return;
 		}
-	} else if(purple_account_get_bool(js->gc->account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS) && !jabber_stream_is_ssl(js)) {
+	} else if (g_str_equal(connection_security, "require_tls") && !jabber_stream_is_ssl(js)) {
 		purple_connection_error_reason(js->gc,
 			 PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
 			_("You require encryption, but it is not available on this server."));
@@ -1014,7 +1018,7 @@ jabber_stream_connect(JabberStream *js)
 	js->certificate_CN = g_strdup(connect_server[0] ? connect_server : js->user->domain);
 
 	/* if they've got old-ssl mode going, we probably want to ignore SRV lookups */
-	if(purple_account_get_bool(account, "old_ssl", FALSE)) {
+	if (g_str_equal("old_ssl", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		if(purple_ssl_is_supported()) {
 			js->gsc = purple_ssl_connect(account, js->certificate_CN,
 					purple_account_get_int(account, "port", 5223),
============================================================
--- libpurple/protocols/jabber/jabber.h	1c6cf16631a65e79ba7fff3147fcbfba98ed7c05
+++ libpurple/protocols/jabber/jabber.h	3dc20c750b4c7eec8aa28b8c04d3279b73dc3a02
@@ -80,7 +80,7 @@ typedef struct _JabberStream JabberStrea
 
 #define CAPS0115_NODE "http://pidgin.im/"
 
-#define JABBER_DEFAULT_REQUIRE_TLS    TRUE
+#define JABBER_DEFAULT_REQUIRE_TLS    "require_starttls"
 #define JABBER_DEFAULT_FT_PROXIES     "proxy.eu.jabber.org"
 
 /* Index into attention_types list */
============================================================
--- libpurple/account.c	233bd035152e9144a71521e1ce7e8290a8db60cc
+++ libpurple/account.c	6604d1b1b68205a426ab77db867e2051722364fe
@@ -513,6 +513,25 @@ static void
 }
 
 static void
+migrate_xmpp_encryption(PurpleAccount *account)
+{
+	/* When this is removed, nuke the "old_ssl" and "require_tls" settings */
+	if (g_str_equal(purple_account_get_protocol_id(account), "prpl-jabber")) {
+		const char *sec = purple_account_get_string(account, "connection_security", "");
+
+		if (g_str_equal("", sec)) {
+			const char *val = "require_tls";
+			if (purple_account_get_bool(account, "old_ssl", FALSE))
+				val = "old_ssl";
+			else if (!purple_account_get_bool(account, "require_tls", TRUE))
+				val = "opportunistic_tls";
+
+			purple_account_set_string(account, "connection_security", val);
+		}
+	}
+}
+
+static void
 parse_settings(xmlnode *node, PurpleAccount *account)
 {
 	const char *ui;
@@ -579,6 +598,9 @@ parse_settings(xmlnode *node, PurpleAcco
 	/* we do this here because we need access to account settings to determine
 	 * if we can/should migrate an old Yahoo! JAPAN account */
 	migrate_yahoo_japan(account);
+	/* we do this here because we need to do it before the user views the
+	 * Edit Account dialog. */
+	migrate_xmpp_encryption(account);
 }
 
 static GList *
============================================================
--- libpurple/protocols/jabber/auth.c	5e8b9d2dce41c65865f2af0cc8a39dfb48f673b4
+++ libpurple/protocols/jabber/auth.c	4ca630855b2e464d1329f98f163010fd783c7fd5
@@ -340,7 +340,8 @@ void jabber_auth_start_old(JabberStream 
 	 * is requiring SSL/TLS, we need to enforce it.
 	 */
 	if (!jabber_stream_is_ssl(js) &&
-			purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) {
+			g_str_equal("require_tls",
+				purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		purple_connection_error_reason(js->gc,
 			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
 			_("You require encryption, but it is not available on this server."));
============================================================
--- libpurple/protocols/jabber/libxmpp.c	cbfca2a5d3f10d83f1d05ff858ec52306c6eee68
+++ libpurple/protocols/jabber/libxmpp.c	78493ec7493ce47350b0442f6c55cb969692e03c
@@ -253,6 +253,7 @@ init_plugin(PurplePlugin *plugin)
 {
 	PurpleAccountUserSplit *split;
 	PurpleAccountOption *option;
+	GList *encryption_values = NULL;
 
 	/* Translators: 'domain' is used here in the context of Internet domains, e.g. pidgin.im */
 	split = purple_account_user_split_new(_("Domain"), NULL, '@');
@@ -263,13 +264,26 @@ init_plugin(PurplePlugin *plugin)
 	purple_account_user_split_set_reverse(split, FALSE);
 	prpl_info.user_splits = g_list_append(prpl_info.user_splits, split);
 
-	option = purple_account_option_bool_new(_("Require SSL/TLS"), "require_tls", JABBER_DEFAULT_REQUIRE_TLS);
-	prpl_info.protocol_options = g_list_append(prpl_info.protocol_options,
-											   option);
+#define ADD_VALUE(list, desc, v) { \
+	PurpleKeyValuePair *kvp = g_new0(PurpleKeyValuePair, 1); \
+	kvp->key = g_strdup((desc)); \
+	kvp->value = g_strdup((v)); \
+	list = g_list_prepend(list, kvp); \
+}
 
-	option = purple_account_option_bool_new(_("Force old (port 5223) SSL"), "old_ssl", FALSE);
+	ADD_VALUE(encryption_values, _("Require encryption"), "require_tls");
+	ADD_VALUE(encryption_values, _("Use encryption if available"), "opportunistic_tls");
+	ADD_VALUE(encryption_values, _("Use old-style SSL"), "old_ssl");
+#if 0
+	ADD_VALUE(encryption_values, "None", "none");
+#endif
+	encryption_values = g_list_reverse(encryption_values);
+
+#undef ADD_VALUE
+
+	option = purple_account_option_list_new(_("Connection security"), "connection_security", encryption_values);
 	prpl_info.protocol_options = g_list_append(prpl_info.protocol_options,
-											   option);
+						   option);
 
 	option = purple_account_option_bool_new(
 						_("Allow plaintext auth over unencrypted streams"),
