Use MD5 login for ICQ. Fall back to XOR upon failure.

[MarkDoliner]

The ICQ protocol should be changed to use MD5 for login. If login fails using MD5 then the user should be prompted if they want to try using the old XOR method (similar to how our XMPP PRPL prompts if you're ok with using plaintext auth of an unencrypted session).

[db42]

intrested

[muerr]

Please fix this bug, it is causing ICQ to not log in per this old bug: #1642.a

[db42]

I've attached a file which atleast for me allows me to enter ICQ with MD5 authentication instead of XOR. Please test and tell me how it goes.

[db42]

fixes the MD5 login problems in ICQ ?

[db42]

Ok, upon investigating this issue, it seems that the ICQ servers would kick the client if he would send an MD5 auth request (which uses FLAP type 2) before sending a regular message of any type on the LOGIN channel (FLAP type 1).

My patch sends an empty FLAP type 1 message and only then sends the regular AIM MD5 auth mechanizm as used before, this way ICQ doesn't kick us directly, and the login works when disabling ICQ XOR support.

[db42]

Looking at the code, oscar.c , function connection_established_cb :

if (conn->cookie == NULL) {

if (!aim_snvalid_icq(purple_account_get_username(account)))

/*

• We don't send this when authenticating an ICQ account
• because for some reason ICQ is still using the
• assy/insecure authentication procedure. */

flap_connection_send_version(od, conn);

}

Maybe this code was what was causing the MD5 not to work (my code basically does the same but in a different function) ?

[db42]

better patch

[db42]

Ok, changed the patch again for minimal changes required for MD5 to work on ICQ.

[db42]

Anything new on this issue being resolved?

[sadrul]

I believe the desired behaviour is not to completely disable the XOR method (as the second patch does). Rather, if MD5 login fails, then XOR method should be used, after confirmation from the user.

I am not familiar with the oscar code, but it looks like we want to prompt the user for confirmation from oscar.c:purple_parse_auth_resp (when info->errorcode == 0x05). If you want to give it a try, take a look at jabber/auth.c:jabber_auth_start and see how it prompts the user before trying plain-text authentication.

[rekkanoryo@…]

(In [346c4d5ca1e54139bd6af4f3e4097f42cdf043be]):
Patch from 'db42' to enable MD5 auth on ICQ. Refs #4449. Before I merge this back to im.pidgin.pidgin I want to get a prompt in here to let the user fail over to the XOR method if MD5 fails. I suspect this won't be necessary though.

[rlaager]

This worked for me. The last time we tried MD5 auth in ICQ, my account would not sign in. Therefore, I've merged the branch into trunk.

[rlaager]

db42, if you're not already in the COPYRIGHT file and would like to be credited there, please let me know your real name as you'd like it listed in that file. Thanks for the patch! Sorry it took so long for us to commit this.

[db42]

finally ! :) now i hope somebody will accept #1977 as for the copyright is it possible to just have my nick there without a name ?

[rlaager]

Replying to db42:

finally ! :) now i hope somebody will accept #1977 as for the copyright is it possible to just have my nick there without a name ?

I don't want to go down that road.