From d0b0f6992a660b901b50e234cd47175e45e1c60a Mon Sep 17 00:00:00 2001
From: Fedor Brunner <fedor.brunner@azet.sk>
Date: Sat, 1 Mar 2014 21:16:24 +0100
Subject: [PATCH] New option 'authentication_mechanisms' Fixes #7671

---
 src/common/config.py     | 1 +
 src/common/connection.py | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/common/config.py b/src/common/config.py
index f5ee4dd26..739d3f7d1 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -351,6 +351,7 @@ class Config:
                     'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
                     'tls_version': [ opt_str, '1.0', '' ],
                     'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
+                    'authentication_mechanisms': [ opt_str, '', _('List (space separated) of authentication mechanisms to try. Can contain ANONYMOUS, EXTERNAL, GSSAPI, SCRAM-SHA-1-PLUS, SCRAM-SHA-1, DIGEST-MD5, PLAIN, X-MESSENGER-OAUTH2 or XEP-0078') ],
                     'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                     'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
                     'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],
diff --git a/src/common/connection.py b/src/common/connection.py
index 170b29845..3b260ba5a 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -1465,8 +1465,15 @@ class Connection(CommonConnection, ConnectionHandlers):
                 return True
 
         self._register_handlers(con, con_type)
+        auth_mechs = gajim.config.get_per('accounts', self.name, 'authentication_mechanisms')
+        auth_mechs = auth_mechs.split()
+        for mech in auth_mechs:
+            if mech not in nbxmpp.auth_nb.SASL_AUTHENTICATION_MECHANISMS | set(['XEP-0078']):
+                log.warning("Unknown authentication mechanisms %s" % mech)
+        if len(auth_mechs) == 0:
+            auth_mechs = None
         con.auth(user=name, password=self.password,
-            resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
+            resource=self.server_resource, sasl=True, on_auth=self.__on_auth, auth_mechs=auth_mechs)
 
     def ssl_certificate_accepted(self):
         if not self.connection: