Diffstat (limited to 'protocols/jabber/sasl.c')
-rw-r--r-- | protocols/jabber/sasl.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c
index 45d52593..86f428c9 100644
--- a/protocols/jabber/sasl.c
+++ b/protocols/jabber/sasl.c
@@ -53,8 +53,8 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 struct jabber_data *jd = ic->proto_data;
 struct xt_node *c, *reply;
 char *s;
- int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0;
- int want_oauth = FALSE, want_hipchat = FALSE;
+ int sup_plain = 0, sup_digest = 0, sup_gtalk = 0, sup_fb = 0, sup_anonymous = 0;
+ int want_oauth = FALSE, want_hipchat = FALSE, want_anonymous = FALSE;
 GString *mechs;
 if (!sasl_supported(ic)) {
@@ -73,6 +73,7 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 return XT_ABORT;
 }
+ want_anonymous = set_getbool(&ic->acc->set, "anonymous");
 want_oauth = set_getbool(&ic->acc->set, "oauth");
 want_hipchat = (jd->flags & JFLAG_HIPCHAT);
@@ -83,6 +84,8 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 sup_plain = 1;
 } else if (c->text && g_strcasecmp(c->text, "DIGEST-MD5") == 0) {
 sup_digest = 1;
+ } else if (c->text && g_strcasecmp(c->text, "ANONYMOUS") == 0) {
+ sup_anonymous = 1;
 } else if (c->text && g_strcasecmp(c->text, "X-OAUTH2") == 0) {
 sup_gtalk = 1;
 } else if (c->text && g_strcasecmp(c->text, "X-FACEBOOK-PLATFORM") == 0) {
@@ -141,7 +144,20 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)
 imc_logout(ic, FALSE);
 xt_free_node(reply);
 return XT_ABORT;
- } else if (sup_digest) {
+ } else if (want_anonymous && sup_anonymous) {
+ xt_add_attr(reply, "mechanism", "ANONYMOUS");
+
+ /* Well, that was easy. */
+ } else if (want_anonymous) {
+ imcb_error(ic, "Anonymous login requested, but not supported by server");
+ imc_logout(ic, FALSE);
+ xt_free_node(reply);
+ return XT_ABORT;
+ } else if (sup_digest && !(jd->ssl && sup_plain)) {
+ /* Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported.
+ * Which in practice means "don't bother with DIGEST-MD5 most of the time".
+ * It's weak, pointless over TLS, and often breaks with some servers (hi openfire) */
+
 xt_add_attr(reply, "mechanism", "DIGEST-MD5");
 /* The rest will be done later, when we receive a <challenge/>. */ |
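Review bot: The new condition `sup_digest && !(jd->ssl && sup_plain)` treats any TLS session as sufficient reason to prefer PLAIN, but a non-NULL `jd->ssl` only shows that a TLS layer exists, not that the server certificate was validated. If certificate verification is optional for an account (not visible in this hunk), a connection to an unverified peer would now send the cleartext password where it previously used DIGEST-MD5. Consider gating the PLAIN preference on a verified peer as well, or at least recording the assumption in the comment, e.g. `/* Assumes the TLS peer was verified; over unverified TLS, PLAIN exposes the password to whoever terminates the connection. */`. The branch that actually selects PLAIN lies after the end of this hunk, so the fall-through path cannot be confirmed from here.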