SASL auth multielement token handling error

[tomek@…]

There is a bug in handling multielement tokens in SASL auth. They simply aren't handled at all.

You can find a patch for this here: http://staff.xiaoka.com/smoku/stuff/Jabber/Gajim/gajim-0.9.1-SASL-auth.patch

[dkirov]

We fixed it yesterday in svn. Gajim-0.10 will be released these days.

Thanks anyway.

[Buy air bed]

Your site is good. Want air bed? Buy air bed

7f6563fdccb3c2c

[smoku]

The implementation is still faulty.

Consider this challenge:

, realm="localhost", nonce="LlBV2txnO8RbB5hgs3KgiQ==", qop="auth, auth-int, ", , , charset=utf-8, algorithm=md5-sess,

According to http://www.ietf.org/rfc/rfc2831.txt it's valid.

But Gajim implementation fails it: (src/common/xmpp/auth_nb.py:182)

if chal.has_key('qop') and ((type(chal['qop']) == str and \
chal['qop'] =='auth') or (type(chal['qop']) == list and 'auth' in \
chal['qop'])):

This code does not recognise "auth, auth-int, " as str neither as list.

[smoku]

src/common/xmpp/auth_nb.py needs to be changed in the following lines in the challenge_splitter() function:

line 52:

elif char == ',' or char == ' ' or char == '\t':

line 62:

elif char == "," or char == ' ' or char == '\t':

[asterix]

(In [7938]) [smoku] fix SASL auth. fixes #1911