From a9a596c15b490c578f8f39183819ce29a4e6513d Mon Sep 17 00:00:00 2001 From: Manjeet Dahiya Date: Tue, 23 Feb 2010 11:46:23 +0000 Subject: Fix Issue 46:Error in SASLDigestMD5 with jabber.org Issue 39: MD5 Authentication does not work against servers which return '=' in their nonce The SASL auth using the MD5 mechanism specifies the key value pairs, such as nonce, qop, algorithm. The format is: key = "value". The parsing in the qxmpp therefore splits on the '=' character to process the key/values. This fails when any one of the field values contains a '='. The parsing should take what is in the value delimiters '"' literally. Please find attached a patch to fix the parsing. Three additional related minor changes have been made: 1) base64 encode the client generated nonce. This is because the random nonce generator can encode a null (0) char, which is messy and can break things server side 2) Enforce the steps of the challenge/response authentication rather then relying on content of the payload 3) Disconnect if the client gives a SASL auth failure Thanks mr.o.wickham for providing the patch. --- source/QXmppStream.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source/QXmppStream.h') diff --git a/source/QXmppStream.h b/source/QXmppStream.h index df3401bf..2890d38e 100644 --- a/source/QXmppStream.h +++ b/source/QXmppStream.h @@ -126,9 +126,9 @@ private: QXmppClient::StreamError m_xmppStreamError; // m_xmppStanzaError; - QXmppVCardManager m_vCardManager; QXmppArchiveManager m_archiveManager; + int m_authStep; QXmppConfiguration& getConfiguration(); void parser(const QByteArray&); @@ -139,7 +139,8 @@ private: void sendNonSASLAuthQuery( const QString &to ); void sendAuthPlain(); void sendAuthDigestMD5(); - void sendAuthDigestMD5Response(const QString& challenge); + void sendAuthDigestMD5ResponseStep1(const QString& challenge); + void sendAuthDigestMD5ResponseStep2(); void sendBindIQ(); void sendSessionIQ(); void sendInitialPresence(); -- cgit v1.2.3