| author | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2010-02-23 11:46:23 +0000 |
|---|---|---|
| committer | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2010-02-23 11:46:23 +0000 |
| commit | a9a596c15b490c578f8f39183819ce29a4e6513d (patch) | |
| tree | e63cc3551a550596ac09b9a42fccc53ac3eb58b1 /source/QXmppStream.h | |
| parent | 1e917274eb8fdbc0c74a23e8a3e5efae0f93431f (diff) | |
| download | qxmpp-a9a596c15b490c578f8f39183819ce29a4e6513d.tar.gz | |
Fix
Issue 46: Error in SASLDigestMD5 with jabber.org
Issue 39: MD5 Authentication does not work against servers which return '=' in their nonce
The SASL auth using the MD5 mechanism specifies the key value pairs, such as nonce, qop, algorithm. The format is: key = "value". The parsing in qxmpp therefore splits on the '=' character to process the key/values. This fails when any one of the field values contains a '='. The parsing should take what is in the value delimiters '"' literally.
Please find attached a patch to fix the parsing. Three additional related minor changes have been made:
1) base64 encode the client generated nonce. This is because the random nonce generator can encode a null (0) char, which is messy and can break things server side
2) Enforce the steps of the challenge/response authentication rather than relying on content of the payload
3) Disconnect if the client gives a SASL auth failure
Thanks mr.o.wickham for providing the patch.
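The parsing failure described in the commit message, shown as an added example that is not part of this commit or of QXmpp's code: a split-on-'=' parser beside a quote-aware one, using only the C++ standard library. The function names and the sample challenge are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
using Fields = std::map<std::string, std::string>;
// Constructed sample challenge (not captured from a real server).
const std::string kSample =
    "realm=\"example.org\",nonce=\"OA6MG9tEQGm2hh==\",qop=\"auth\",charset=utf-8";

// Naive parser of the kind the commit message describes: split on ',' then '='.
Fields parseNaive(const std::string& challenge) {
    Fields out;
    std::istringstream in(challenge);
    std::string pair;
    while (std::getline(in, pair, ',')) {
        std::istringstream kv(pair);
        std::string key, value;
        std::getline(kv, key, '=');
        std::getline(kv, value, '=');  // stops at the first '=' inside the value
        out[key] = value;
    }
    return out;
}

// Quote-aware parser: text between the '"' delimiters is taken literally.
Fields parseQuoted(const std::string& s) {
    Fields out;
    std::size_t i = 0;
    while (i < s.size()) {
        while (i < s.size() && (s[i] == ',' || std::isspace((unsigned char)s[i]))) ++i;
        std::size_t eq = s.find('=', i);
        if (eq == std::string::npos) break;
        std::string key = s.substr(i, eq - i), value;
        i = eq + 1;
        if (i < s.size() && s[i] == '"') {
            for (++i; i < s.size() && s[i] != '"'; ++i) {
                if (s[i] == '\\' && i + 1 < s.size()) ++i;  // backslash escape
                value += s[i];
            }
            ++i;  // step over the closing quote
        } else {
            while (i < s.size() && s[i] != ',') value += s[i++];
        }
        out[key] = value;
    }
    return out;
}
int main() {  // prints the nonce as each parser sees it
    std::cout << parseNaive(kSample)["nonce"] << "\n" << parseQuoted(kSample)["nonce"] << "\n";
}
```

The quote-aware version also keeps a ',' inside a quoted value intact, which matters for values such as a qop list.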
Diffstat (limited to 'source/QXmppStream.h')
| -rw-r--r-- | source/QXmppStream.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source/QXmppStream.h b/source/QXmppStream.h index df3401bf..2890d38e 100644 --- a/source/QXmppStream.h +++ b/source/QXmppStream.h @@ -126,9 +126,9 @@ private: QXmppClient::StreamError m_xmppStreamError; // m_xmppStanzaError; - QXmppVCardManager m_vCardManager; QXmppArchiveManager m_archiveManager; + int m_authStep; QXmppConfiguration& getConfiguration(); void parser(const QByteArray&); @@ -139,7 +139,8 @@ private: void sendNonSASLAuthQuery( const QString &to ); void sendAuthPlain(); void sendAuthDigestMD5(); - void sendAuthDigestMD5Response(const QString& challenge); + void sendAuthDigestMD5ResponseStep1(const QString& challenge); + void sendAuthDigestMD5ResponseStep2(); void sendBindIQ(); void sendSessionIQ(); void sendInitialPresence(); |
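Review bot: `int m_authStep;` in the first hunk is a bare, uncommented int, yet it is the state that enforces the challenge/response order. An enum with named steps and a one-line comment would make the valid values explicit, and the member needs to be reset whenever a new connection or authentication attempt starts so that a step left over from an earlier session is never reused; that reset is not visible in this header.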
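Review bot: in the second hunk, `sendAuthDigestMD5ResponseStep2()` takes no argument while `sendAuthDigestMD5ResponseStep1(const QString& challenge)` does, so the second server challenge is not available to it. In DIGEST-MD5 (RFC 2831) that second challenge carries `rspauth`, which the client is meant to verify before replying; consider passing the challenge to Step2 and checking `rspauth` there, or add a comment saying where that check happens.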
