Error in SASL authentication when SASL authzid parameter is null
Activity
Florian Schmaus March 2, 2014 at 1:07 PM
I was considering this Patch for 4.0.0 since it appeared valid to me. Could you elaborate why you think it will break existing applications based on SMACK?
Stefan Rossbach March 1, 2014 at 11:59 PM
While this bug is very easy to fix, it will break all currently existing applications based on SMACK. We (Saros DPP Eclipse Plugin Project) have already included this patch in our code base for about a year to get rid of this Google Talk hack (since we applied this patch we have never received another issue report complaining about being unable to log in to an XMPP server).
If I remember correctly, the current workaround to connect to GTalk with SASL enabled (GTalk seems to only support SASL PLAIN) is to change the login username to:
username@[googlemail.com|gmail.com], which will bypass the authid check in SASL. I did not test what happens if you log in with username foobar@gmail.com with this fix applied, but you should ensure that it either works with the old workaround or at least inform the developers that they have to be aware of that fix.
BR
Marcin Cieślak January 13, 2014 at 6:47 PM
The bug is still there in the trunk (r13858). Even the patch suffered a bit of bitrot.
I don't seem to be able to upload a patch, so here is the new one:
smack-357-r13858.patch
Kevin Locke January 12, 2014 at 8:36 PM
Any update on this issue? It looks like Section 6.3.8 of RFC 6120 now states explicitly that:
If the initiating entity does not wish to act on behalf of another entity, it MUST NOT provide an authorization identity.
(i.e. authzid must be empty.) Is there more work or testing that needs to be done on the patch, or something else which makes it unacceptable?
Thanks,
Kevin
Florian Schmaus February 15, 2013 at 7:47 PM
Same patch as p1.zip, but as a plain file for easy online viewing.
https://tools.ietf.org/html/rfc6120
Relevant sections: 6.3.7, 6.3.8
SASL RFC:
http://www.ietf.org/rfc/rfc4616.txt
Relevant sections: 2, 3
DIGEST-MD5 RFC:
http://www.ietf.org/rfc/rfc2831.txt
Relevant sections: 2.1.2
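As an added illustration of the wire format the thread argues about (this is example code written for this page, not code from the Smack project or from any commenter), the following Python builds and validates a SASL PLAIN initial response as RFC 4616 section 2 defines it: `[authzid] NUL authcid NUL passwd`. When the client acts on its own behalf, RFC 6120 section 6.3.8 says it must send no authorization identity, so the message begins with the NUL separator. The credentials, the two-field "broken" message, and the helper names are all constructed for the example.

```python
import base64

# Constructed example for this page; not the Smack implementation.
NUL = "\x00"


def build_plain_response(authcid: str, password: str, authzid: str = "") -> str:
    """Encode a SASL PLAIN initial response per RFC 4616 section 2:

        message = [authzid] NUL authcid NUL passwd

    authzid defaults to "" so that a client acting on its own behalf sends no
    authorization identity (RFC 6120 section 6.3.8); the message then starts
    with NUL. Returns the base64 text carried inside the XMPP <auth> element.
    """
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    for name, field in (("authzid", authzid), ("authcid", authcid), ("password", password)):
        if NUL in field:
            raise ValueError(f"{name} must not contain NUL")
    message = f"{authzid}{NUL}{authcid}{NUL}{password}"
    return base64.b64encode(message.encode("utf-8")).decode("ascii")


def parse_plain_response(b64: str) -> dict:
    """Decode and validate a PLAIN response the way a strict server would:
    exactly three NUL-separated fields, with authcid and password non-empty."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    parts = raw.split(NUL)
    if len(parts) != 3:
        raise ValueError(f"expected exactly 3 NUL-separated fields, got {len(parts)}")
    authzid, authcid, password = parts
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    return {"authzid": authzid, "authcid": authcid, "password": password}


def effective_authzid(parsed: dict) -> str:
    """RFC 4616 section 2: an empty authzid means the server derives the
    authorization identity from the authentication identity."""
    return parsed["authzid"] or parsed["authcid"]


def auth_element(b64: str) -> str:
    """Wrap the base64 payload in the XMPP SASL <auth> element (RFC 6120 6.3.7)."""
    return f'<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">{b64}</auth>'


# Constructed failure mode: a client with no authzid that drops the leading NUL
# sends only two fields, which a strict server must reject.
BROKEN_TWO_FIELD = base64.b64encode(b"juliet@example.com\x00s3cret").decode("ascii")


if __name__ == "__main__":
    good = build_plain_response("juliet@example.com", "s3cret")  # constructed credentials
    print(auth_element(good))
    parsed = parse_plain_response(good)
    print(parsed, "->", effective_authzid(parsed))
    try:
        parse_plain_response(BROKEN_TWO_FIELD)
    except ValueError as err:
        print("rejected:", err)
```

The check to take away is the one in `parse_plain_response`: a conforming server counts separators, so the empty authzid is not optional whitespace but a required leading NUL, and any client that produces the payload from a null authzid has to emit that separator rather than skip the field.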