changeset
The DIGEST-MD5 implementation of CYRUS-SASL is incompatible with the implementation in Java. The result is that we failed to authenticate to Java-based servers such as OpenFire when DIGEST-MD5 was enabled. This appears to be the result of a bug in the Java SASL library. While we -could- wait for a fix within that library and tell our users that server admins need to upgrade to get the fix, a client-side workaround is very easily accessible to us.
Sat, 22 Dec 2007 16:59:52 +0000
- author
- Evan Schoenberg <evands@pidgin.im>
- date
- Sat, 22 Dec 2007 16:59:52 +0000
- changeset 22041
- 18028a56bbd6
- parent 22040
- d1583c2b25e1
- child 22042
- cc6987039f88
- child 22057
- be6564f3db93
The DIGEST-MD5 implementation of CYRUS-SASL is incompatible with the implementation in Java. The result is that we failed to authenticate to Java-based servers such as OpenFire when DIGEST-MD5 was enabled. This appears to be the result of a bug in the Java SASL library. While we -could- wait for a fix within that library and tell our users that server admins need to upgrade to get the fix, a client-side workaround is very easily accessible to us.
Our own implementation (used when compiled with SASL support) works fine. We therefore will make use of it when SASL chooses DIGEST-MD5 as the best auth mechanism.
Fixes #2095. Fixes #2186.
Also fixes http://trac.adiumx.com/ticket/8135.
| libpurple/protocols/jabber/auth.c | file | annotate | diff | comparison | revisions |
--- a/libpurple/protocols/jabber/auth.c Sat Dec 22 15:45:13 2007 +0000 +++ b/libpurple/protocols/jabber/auth.c Sat Dec 22 16:59:52 2007 +0000 @@ -396,6 +396,24 @@ g_free(enc_out); } } + + if (mech && (strcmp(mech, "DIGEST-MD5") == 0)) { + /* CYRUS-SASL's DIGEST-MD5 and Java's DIGEST-MD5 are mutually incompatible because of different interpretations of RFC2831. + * This means that if we are using SASL and connecting to a Java-based server such as OpenFire, we will receive an authentication + * failure if that server offers DIGEST-MD5 in such a way that SASL chooses it as the best mechanism for us. + * + * However, we implement our own DIGEST-MD5 for use when we're compiled without SASL support, and that implementation + * works correctly. Therefore, if SASL chooses DIGEST-MD5, we switch over to our own implementation. + * jabber_auth_handle_challenge() will note the auth_type and take it from there. + * + * SASL would change state to SASL_OK after when handling the challenge; we do so immediately to avoid an error later. + */ + js->auth_type = JABBER_AUTH_DIGEST_MD5; + js->sasl_state = SASL_OK; + sasl_dispose(&js->sasl); + js->sasl = NULL; + } + jabber_send(js, auth); xmlnode_free(auth); } else {
