pidgin: 8b405520: jabber: Blacklist EXTERNAL when using Cy...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Fri May 21 01:42:41 EDT 2010 

-----------------------------------------------------------------
Revision: 8b4055200f818c195ef2771f93ac02d9dc87665e
Ancestor: d62c8715a65cb3d82a34f3a518e2fa03263c033b
Author: darkrain42 at pidgin.im
Date: 2010-05-21T05:35:33
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/8b4055200f818c195ef2771f93ac02d9dc87665e

Modified files:
        ChangeLog libpurple/protocols/jabber/auth_cyrus.c

ChangeLog: 

jabber: Blacklist EXTERNAL when using Cyrus.  Allows connecting when it's advertised.

This fixes what I think is a bug/quirk in Cyrus SASL.  The EXTERNAL mech
returns SASL_NOMECH to indicate the client hasn't set the necessary data,
except SASL_NOMECH is supposed to mean (AFAICT) "None of the mechs given
are supported/meet the current security requirements".  No other mech
does that!

-------------- next part --------------
============================================================
--- ChangeLog	0fdaf22ae17653e9537a18a175a375002f6294b9
+++ ChangeLog	e8faec668b0b23d3aa711af4afeb19a751427e6d
@@ -18,6 +18,10 @@ version 2.7.1 (??/??/????):
 	* Fix unnecessary bandwidth consumption for buddy icon requests when
 	  buddies have capital letters in their passport addresses.
 
+	XMPP:
+	* Allow connecting to servers that advertise EXTERNAL (broken in
+	  2.7.0)
+
 version 2.7.0 (05/12/2010):
 	General:
 	* Changed GTK+ minimum version requirement to 2.10.0.
============================================================
--- libpurple/protocols/jabber/auth_cyrus.c	2c32ba3585f840186b7b339a02b122e5d54fa6af
+++ libpurple/protocols/jabber/auth_cyrus.c	4f2b22d5544a49be18e0f71ac97b67fcc5fec23d
@@ -408,7 +408,8 @@ jabber_cyrus_start(JabberStream *js, xml
 	{
 		char *mech_name = xmlnode_get_data(mechnode);
 
-		if (!mech_name || !*mech_name) {
+		if (!mech_name || !*mech_name ||
+				g_str_equal(mech_name, "EXTERNAL")) {
 			g_free(mech_name);
 			continue;
 		}
@@ -550,7 +551,7 @@ jabber_cyrus_handle_failure(JabberStream
 
 			return jabber_auth_start_cyrus(js, reply, error);
 
-		} else if ((js->auth_fail_count == 1) && 
+		} else if ((js->auth_fail_count == 1) &&
 				   (js->current_mech && g_str_equal(js->current_mech, "GSSAPI"))) {
 			/* If we tried GSSAPI first, it failed, and it was the only method we had to try, try jabber:iq:auth
 			 * for compatibility with iChat 10.5 Server and other jabberd based servers.

More information about the Commits mailing list